Foundations · Module 4
Verification and testing
Ensure quality and security through comprehensive testing strategies, OWASP ASVS integration, accessibility testing with WCAG 2.2, and performance testing.
Previously
Implementation and build
Write secure, maintainable code with proper input validation, output encoding, session management, error handling, and supply chain security.
This module
Verification and testing
Ensure quality and security through comprehensive testing strategies, OWASP ASVS integration, accessibility testing with WCAG 2.2, and performance testing.
Next
Deployment and CI and CD
Automate secure deployments with CI/CD pipelines, DevSecOps integration, deployment strategies, and Infrastructure as Code basics.
Progress
Mark this module complete when you can explain it without rereading every paragraph.
Why this matters
Verification shows whether your design survives reality.
What you will be able to do
- 1 Explain verification and testing in your own words and apply it to a realistic scenario.
- 2 Tests are how you prove architectural claims about safety, performance, and reliability.
- 3 Check the assumption "Tests match risk" and explain what changes if it is false.
- 4 Check the assumption "Failures are actionable" and explain what changes if it is false.
Before you begin
- No previous technical background required
- Read the section explanation before using tools
Common ways people get this wrong
- Green build theatre. A green build can hide gaps if you test the wrong things.
- No regression coverage. If you cannot prevent regression, you re-learn the same lessons under stress.
Ensure quality and security through comprehensive testing strategies, OWASP ASVS integration, accessibility testing with WCAG 2.2, and performance testing.
Verification shows whether your design survives reality. We test what matters, not only the happy paths.
Mental model
Verification proves claims
Tests are how you prove architectural claims about safety, performance, and reliability.
-
1
Claim
-
2
Test
-
3
Evidence
-
4
Release gate
Assumptions to keep in mind
- Tests match risk. Test what can hurt users. Do not test only what is easy.
- Failures are actionable. A failing test should tell you what to do next.
Failure modes to notice
- Green build theatre. A green build can hide gaps if you test the wrong things.
- No regression coverage. If you cannot prevent regression, you re-learn the same lessons under stress.
Check yourself
Quick check. Verification and testing
0 of 5 opened
Why do you test abuse paths as well as happy paths
Because real failures often come from misuse, edge cases, and attack behaviour, not from ideal user flows.
What is OWASP ASVS used for
A structured set of security requirements and verification guidance for web applications.
Name one accessibility check you would run on a form
Keyboard navigation and focus visibility, plus label associations and error messages that can be understood by screen readers.
What is the difference between unit tests and end to end tests
Unit tests check small pieces in isolation. End to end tests check real flows across multiple components.
Scenario. A feature ships and users can complete the flow, but support calls double. What did you likely miss
Usability and failure mode testing, plus monitoring and feedback loops. Passing tests is not the same as a good outcome.
Artefact and reflection
Artefact
A short module note with one key definition and one practical example
Reflection
Where in your work would explain verification and testing in your own words and apply it to a realistic scenario. change a decision, and what evidence would make you trust that change?
Optional practice
Test strategies, OWASP ASVS, accessibility testing, and performance validation