onion2k wrote: Right.. you mean like writing a test to make sure known exploits like an SQL injection don't work? Yeah, that would be quite sensible I guess. It wouldn't make your site secure per se, but it would check the security measures you have thought of are working.

marcth wrote: In my opinion, the best way to test the code for security vulnerabilities is via unit tests
More importantly, if someone comes around, modifies your code and introduces a security vulnerability, your existing unit test will expose it immediately.
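
The kind of regression test discussed in this thread, as an added example that is not part of any poster's message: a fixed list of known injection strings is run against a data-access function, and the same suite is shown flagging a later edit that swaps the bound parameter for string concatenation. The table, the function names and the probe strings are constructed for illustration, and the suite only covers the probes it lists.

```python
import sqlite3

# Constructed regression probes: well-known SQL injection strings.
INJECTION_PROBES = [
    "' OR '1'='1",
    "alice' --",
    "x'; DROP TABLE users; --",
]

def make_db():
    """Fresh in-memory database holding two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s1"), ("bob", "s2")])
    return db

def find_user_safe(db, name):
    """Hypothetical lookup: the value is bound as a parameter."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def find_user_unsafe(db, name):
    """The later 'modification' the suite must catch: input concatenated into SQL."""
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def failing_probes(lookup):
    """Run every probe through `lookup`; return the probes that misbehaved."""
    failures = []
    for probe in INJECTION_PROBES:
        db = make_db()
        try:
            rows = lookup(db, probe)
        except (sqlite3.Error, sqlite3.Warning):
            # The input altered the statement itself, so it was parsed as SQL.
            failures.append(probe)
            continue
        remaining = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
        # No user is literally named like a probe, so any returned row is a leak.
        if rows or remaining != 2:
            failures.append(probe)
    return failures

def test_lookup_resists_known_injections():
    assert failing_probes(find_user_safe) == []

def test_suite_exposes_concatenation_regression():
    assert failing_probes(find_user_unsafe) == INJECTION_PROBES
```
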