Module 2
Secure Software Development (Computer Science)
Unit 5
An Introduction to Testing
Learning Outcomes
- Describe the key terms which are associated with testing software for security.
- Prepare a list of questions to ask when designing a test plan for secure software.
- Design software tests through understanding the range of ways which the security of software can be breached.
e-Portfolio Component: Programming language concepts
The Cyclomatic Complexity is commonly considered in modules on testing the validity of code design today. However, in your opinion, should it be? Does it remain relevant today? Specific to the focus of this module, is it relevant in our quest to develop secure software? Justify all opinions which support your argument and share your responses with your team.
Response:Cyclomatic complexity is a metric that quantifies the complexity of a program by counting its decision points. A high cyclomatic complexity can indicate a more complex program, which can be challenging to understand, test, and maintain. This complexity can also introduce vulnerabilities that are harder to detect and mitigate (GeeksforGeeks, 2024).
However, it's essential to recognize that a high cyclomatic complexity doesn't inherently equate to a vulnerable program. Well-structured, complex code can still be secure if it adheres to sound design principles and is thoroughly tested. Additionally, modern development practices, such as code reviews, automated testing, and static analysis tools, can help mitigate the risks associated with complex code.
In the pursuit of secure software, cyclomatic complexity serves as a valuable indicator of potential vulnerabilities, but it's not the sole metric. A comprehensive security assessment should also consider factors like input validation, output encoding, and adherence to secure coding practices. By combining cyclomatic complexity with these additional measures, developers can significantly enhance the security of their software.
In conclusion, while cyclomatic complexity remains a relevant metric in modern software development, it's essential to use it in conjunction with other security best practices. By understanding its limitations and leveraging it as part of a holistic security assessment, developers can create more robust and secure software.
GeeksforGeeks (2024) Cyclomatic Complexity. Available from: https://www.geeksforgeeks.org/cyclomatic-complexity/ [Accessed 11 October 2024].
Meeting Notes
- Date: 1 September 2024
- Time (UK): 14:00–15:00
- Venue: Google Meet
- Attendees: Adriaan Joubert, Hristo Todorov, and Shraddha Gore
-
Agenda:
- Completed some of the collaborative sections.
- Outlined other sections to be completed later.
-
Next steps:
- Meet to work together on the remaining collaborative sections.
Reflection
- In this unit, I learned about cyclomatic complexity, a concept that was unfamiliar to me. In my professional experience, I have yet to encounter its application. Conversely, I am well-versed in equivalence testing, a widely used technique in software development.
- My team and I had developed a strong understanding of each other's work styles. Our collaboration had resulted in significant progress on the design document.