Development Through Secure Operations and Balanced Practices

This lesson reflects on the critical aspects of security and operations concerns. So far, we’ve created an application that’s well-engineered and has very low defects. Our user experience feedback has been positive—it is easy to use.

But all that potential can be lost in an instant if we cannot keep the application running. If hackers target our site and harm users, the situation becomes even worse.

Securing applications

An application that’s not running does not exist. The discipline of operations, often called DevOps these days, aims to keep applications running in good health and alert us if that health starts to fail.

Security testing, also called penetration testing (pen testing), is a special case of manual exploratory testing. By its nature, we’re looking for new exploits and unknown vulnerabilities in our application. Automation does not best serve such work. It repeats what’s already known. To discover the unknown, human ingenuity is required.

Penetration testing

Penetration testing is the discipline that takes a piece of software and attempts to circumvent its security. Security breaches can be expensive, embarrassing, or business-ending for a company. The exploits used to create the breach are often very simple.

Note: Security risks can be summarized roughly as follows:

  • Things we shouldn’t see

  • Things we shouldn’t change

  • Things we shouldn’t use as often

  • Things we should not be able to lie about

This is an oversimplification, of course. But the fact remains that our application might be vulnerable to these damaging activities, and we need to know whether that is the case or not. This requires testing. This kind of testing must be adaptive, creative, devious, and continually updated. An automated approach is none of those things, meaning security testing must take its place as a manual step in our development process.

Get hands-on with 1400+ tech skills courses.