Development Through Secure Operations and Balanced Practices
Explore how to balance automated testing and manual security practices within test-driven development. Understand the role of penetration testing, DevOps, and feature flags in maintaining secure, reliable applications while integrating manual steps effectively into CI/CD pipelines to achieve high-quality software delivery.
This lesson reflects on critical security and operations concerns. So far, we’ve created an application that’s well-engineered and has very few defects. Our user experience feedback has been positive: the application is easy to use.
But all that potential can be lost in an instant if we cannot keep the application running. If hackers target our site and harm users, the situation becomes even worse.
Securing applications
An application that’s not running does not exist. The discipline of operations, often called DevOps these days, aims to keep applications running in good health and alert us if that health starts to fail.
Security testing, also called penetration testing (pen testing), is a special case of manual exploratory testing. By its nature, it looks for new exploits and unknown vulnerabilities in our application. Automation does not serve such work well, because it repeats what’s already known. To discover the unknown, human ingenuity is required.
Penetration testing
Penetration testing is the discipline that takes a piece of software and attempts to circumvent its security. Security breaches can be expensive, embarrassing, or business-ending for a company. The exploits used ...