verification with tests
Closed this issue · 0 comments
gsvarovsky commented
Verification of the prototype implementation, as used in an open-source exemplar app, with tests.
The app chosen will already exist, and will not be one of those analysed above, but will have a similar threat/functional/non-functional profile so that the main identified security goals can be demonstrated. The tests will primarily comprise automated system tests, but may also include integration tests and exploratory tests. Coverage will be driven by the findings of the project, and may include:
- edge cases considered in the design and formal analysis
- 'chaos' tests with security applied
- scalability and performance tests
The tests and their recorded outcomes will be published publicly (primarily in the app repository and associated continuous integration platform).
- tests added to the app code repository
- recorded outcomes, e.g. in a CI platform, or documentary
- correlation of tested app security properties to the threat models