Re: [Mod-security-developers] mod_security test suite
From: Kurt S. <kse...@re...> - 2015-10-01 14:52:57
On Thu, Oct 1, 2015 at 8:11 AM, Felipe Costa <FC...@tr...> wrote:

> Hi Kurt,
>
> At this point that particular question has too many answers :) There are
> a few ways to test if an operator is behaving in the way you expect. The
> methods are described below.
>

Sorry, I should have been more explicit. My concern is more integration testing, e.g. we have a layered product sitting on top of Red Hat Enterprise Linux (e.g. Satellite Server, CloudForms, OpenStack, whatever); if I put mod_security in front of it I need to test that the whole stack works together. Obviously one aspect of that is "real world" testing, but in order to avoid false negatives (e.g. a test passes, but maybe mod_security didn't block it properly and some nasty data managed to get through to the backend) I need some simple ways to ensure I can test for false negatives and false positives (e.g. a highly simplistic app that echoes what it got directly back so there is no doubt if mod_security blocked it or not).

In theory this kind of stuff shouldn't happen with proper testing methodology, but my job is not to plan for the happy scenario, it's to plan for the failure scenario =). Belt AND suspenders and all that.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: sec...@re...
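The echo-backend check described in the message above, sketched as an added example that is not code from the thread or from the ModSecurity project. The names `EchoHandler`, `start_echo`, `probe`, `verdict` and the `X-Echo-Backend` header are hypothetical, and the sample request bodies are constructed placeholders.

```python
import http.server, threading, urllib.request, urllib.error, uuid

class EchoHandler(http.server.BaseHTTPRequestHandler):
    """Hypothetical backend: returns the POST body verbatim."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(200)
        self.send_header("X-Echo-Backend", "1")  # assumed header: proves the backend answered
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep test output quiet
        pass

def start_echo(port=0):
    """Start the echo backend on localhost; port 0 picks a free port."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", port), EchoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(url, payload):
    """POST payload tagged with a unique marker; return (status, reached_backend)."""
    marker = uuid.uuid4().hex.encode()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    req = urllib.request.Request(url, data=marker + b"&" + payload, method="POST")
    try:
        with opener.open(req, timeout=5) as resp:
            status, headers, body = resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:  # e.g. a 403 returned by the WAF
        status, headers, body = err.code, err.headers, err.read()
    reached = headers.get("X-Echo-Backend") == "1" and marker in body
    return status, reached

def verdict(expect_block, reached):
    """Compare what the rule set should do with what the backend actually saw."""
    if expect_block:
        return "false negative" if reached else "blocked as expected"
    return "passed as expected" if reached else "false positive"

if __name__ == "__main__":
    srv = start_echo()
    url = "http://127.0.0.1:%d/" % srv.server_address[1]  # swap in the WAF's URL
    # Constructed cases; replace the second body with a request your rules must deny.
    cases = [(b"name=alice", False), (b"PLACEHOLDER-should-block-sample", True)]
    for payload, expect_block in cases:
        status, reached = probe(url, payload)
        print(status, verdict(expect_block, reached))
    srv.shutdown()
```

Run directly against the backend, every should-block case reports "false negative", which confirms the harness notices when nothing is filtering; the same cases sent through the mod_security front end should then report "blocked as expected".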