Development Through Secure Operations and Balanced Practices
Explore the synergy between automated and manual workflows to enhance security testing, operations monitoring, and CI/CD pipelines.
This lesson reflects on the critical aspects of security and operations concerns. So far, we’ve created an application that’s well-engineered and has very few defects. Our user experience feedback has been positive—it is easy to use.
But all that potential can be lost in an instant if we cannot keep the application running. If hackers target our site and harm users, the situation becomes even worse.
Securing applications
An application that’s not running does not exist. The discipline of operations, often called DevOps these days, aims to keep applications running in good health and alert us if that health starts to fail.
Security testing, also called penetration testing (pen testing), is a special case of manual exploratory testing. By its nature, it looks for new exploits and unknown vulnerabilities in our application. Automation is not the best fit for such work, because it repeats what’s already known. To discover the unknown, human ingenuity is required.
Penetration testing
Penetration testing is the discipline that takes a piece of software and attempts to circumvent its security. Security breaches can be expensive, embarrassing, or business-ending for a company. The exploits used ...