TOOLS AND FRAMEWORKS
Our Techstack.
As software developers and cyber security experts, we have experience with a wide range of technologies. We are broadly positioned, but can quickly delve into a topic and solve special tasks.
Software Development
Programming Languages
Over the years, we have been able to deepen our knowledge of several programming languages. Most of them we have used in large projects with tens of thousands of lines of source code.
| Language | Description |
|---|---|
|
C/C++ is the language where we can draw on more than 15 years of experience: from ANSI C to C11, from C++11 to C++20. We also have extensive knowledge and practical experience about the build infrastructure (Continuous Integration, CI/CD) that it takes to successfully implement projects with these languages. In addition to code generators that translate e.g. from IEC 61131-3 to this language, we have also implemented highly portable PLC runtime systems (up to SIL3 or ASIL C; ISO 262626, IEC 61508) and interpreters that are suitable for use in microcontrollers. We have already worked with GCC, Clang/LLVM, IAR, Keil and Microsoft Visual C++. |
|
Python offers numerous packages that are available to solve tasks quickly due to its widespread use. For example, we used Python to implement model-based code generators that produce build scripts and test stubs for PLC runtime systems, making it possible to check by machine whether architecture specifications are met. Furthermore, we developed our own Python disassembler for obfuscated code using a specially modified Python runtime for a reverse engineering project. |
|
Go is our language of choice for implementing backend services or tools that can be deployed as dependency-free as possible and built cross-platform. In the Go environment, we have particular experience with X.509 mechanisms, GraphQL interfaces and network protocols. |
|
Java is the language we know from the area of IDE development. We have experience in the Eclipse ecosystem and have already extended Eclipse-based IDEs with OSGi components. Examples of this are code generators for implementing PLC logic in C++ and Python, build systems for PLC applications and services that allow C/C++ toolchains to be declaratively integrated into IDEs. |
|
Lua is loved by us because of its slimness and universal usability. We have already embedded the interpreter several times in existing C/C++ applications. We also have experience with the connection of existing libraries in Lua applications. Lua applications can also be excellently developed test-driven. |
|
Shell are our medium of choice to automate high-level processes. This includes initialization scripts, but also complicated logic in embedded systems, for example. |
| others | If there are tasks that require activities in other languages, we generally dare to do this, but expect a relatively longer training period, since our focus is on the languages mentioned. We have already dealt with PHP, Ruby, Perl and various Assembler dialects in projects. |
Testing and Mocking Frameworks
We are advocates of test-driven development. We see the greatest advantage in the formal definition of the system associated with the test creation.
| Framework | Description |
|---|---|
|
doctest we like to use to test applications created in modern C++. It features blazing fast compiles, which is especially beneficial during development. |
|
Catch2 is one of our frameworks of choice to test applications that were created in modern C++. It is widely used and provides easy-to-use and readable validation routines for virtually every mechanism in C++. |
| Unity | Unity is characterized by low requirements for the underlying system. It is highly portable and can also be used wonderfully on embedded systems. We already published an article about integrating the framework into CMake-based projects. |
| ucunit | ucunit is an older, ultra-lightweight test framework that we have used in particular in connection with embedded systems. We accompanied a team that certified this framework for use in testing safety-critical applications (up to SIL3, ASIL C). |
| cmocka | cmocka is a framework we used in projects where a C library was available. What we value about this framework is that the test results can be easily evaluated. |
| cppunit | CppUnit was our testing framework of choice in older C++ projects. We now prefer to use Catch2. |
|
pytest is what we use to test Python code. This framework is also well suited for creating integration and/or system tests for C/C++ applications. |
| Testify | Testify helps us to create unit- and integrationtests for software components written in Go. The standard library of the programming language itself already offers extensive support (e.g. HTTP server and client components) when creating unit and integration tests, which we like to use. |
| mockery | mockery is what we use for the automated creation of mocks. The latter can then simply be instructed from the outside to behave as desired. This allows excellent "bad weather scenarios" to be tested. |
|
JUnit is used by us extensively to create unit and integration tests for Java applications. |
|
mockito allows for creating mocks for unit and integration tests for applications developed in Java. We used it extensively to create tests for parsers and transpilers. |
|
RCPTT is what we used extensively to create system tests for Eclipse RCP based applications. The tests were then run "headless" through a CI/CD environment to make end-to-end scenarios reproducible. |
| LuaUnit | LuaUnit is our framework of choice for creating unit and integration tests for components developed in Lua. It is easy to integrate and offers a variety of ready-made, easy-to-read verification routines. We mostly created mocks manually because this is quick and easy with Lua. |
| shUnit2 | shUnit2 is what we like to use in connection with more complex logic in shell scripts. We have already published an article on our blog, where we describe how we write shell scripts test with this framework. |