I have always been a fan of testing and blogged about it in the past. Software testing is a complex discipline. Most developers admit it’s important, but I think we are often mistaken about the true purpose of testing. It already starts with the word ‘test’, which has a wider range of meanings in software than the dictionary definition: “[to] take measures to check the quality, performance, or reliability of (something), especially before putting it into widespread use or practice”. What is this something? The software of course! Ah, so we apply the test to something that’s already there. We test to check the work we have done. That’s not quite TDD. Continue reading “ATDD testing: All Tests Drive Development”
You know the sales pitch by now: agile development helps to deliver value to stakeholders fast and efficiently. Frequent releases guarantee maximum visibility. We want to see progress now. So we’ll spare a thought for security along the way and worry about it when it’s too late.
Don’t get me wrong: if that’s how a team chooses to work they only have themselves to blame. There is nothing in agile development that downplays the importance of security. It’s just that an inordinate focus on delivering visible value fast doesn’t bode well for safe software, as this is a quality attribute that takes time (=money) to do well and meanwhile is not very visible to end users. Until it all goes horribly wrong of course. Continue reading “Spring Data REST: convention over security”