Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Mathias Verraes:
How Much Testing is Too Much?
Jan 02, 2015 @ 17:55:43

In his latest post Mathias Verraes poses the question of how much testing is too much? At what point does testing actually become less useful and how much you really need.

Figuring out how much unit tests you need to write, can be tricky, especially if you are new to Test-Driven Development. Some teams strive for 100% code coverage. Some open source projects even announce their test coverage on their GitHub profiles – as if coverage is an indicator of quality. Coverage only measures the lines of code that are executed by the test suite. It doesn’t tell you whether the outcome of the execution is actually tested, let alone how valuable that test is. Because of that, code coverage of your entire code base is a pretty lousy metric.

He suggests that the "it depends" answer to "how much testing is enough" question just isn't good enough. He puts most of this in the context of TDD (where testing is built-in to the development time) but some of the thoughts could apply to post-code testing as well. He also talks about over-design and how it relates to refactoring with deeper insight. Finally, he talks about a subject not mentioned much in testing articles - when to delete tests.

tagged: unittest testdrivendevelopment tdd too much overdesign refactor delete

Link: http://verraes.net/2014/12/how-much-testing-is-too-much/

Chris Shiflett's Blog:
PHP Insecurity
Jan 24, 2006 @ 12:34:00

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

tagged: insecurity security strong criticism against too much power insecurity security strong criticism against too much power

Link:

Chris Shiflett's Blog:
PHP Insecurity
Jan 24, 2006 @ 12:34:00

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

tagged: insecurity security strong criticism against too much power insecurity security strong criticism against too much power

Link:


Trending Topics: