Monitor your web application
We learned how to increase security using web controls such as HTTP headers, but to further ensure that they are kept in check we need to monitor them.
We learned how to increase security using web controls such as HTTP headers, but how do we ensure that we’re always up to date with security controls? How do we ensure there isn’t a regression next week where headers are removed from an HTTP response? This problem can get even more complicated if you’re working in a rich microservices environment, and need to account for more than a few services.
Monitoring and Shifting-left
We would ideally want to
We reviewed tools that can easily be wired into a CI integration as part of the build process. For example, we can leverage a full WebPageTest integration for both its performance and security insights by triggering an API call after every successful website deployment to run it end-to-end.
Furthermore, we can use command-line tools such as Check My Headers and others to validate that server responses conform to a policy. This helps us shift left in application security testing and find issues earlier in the software development lifecycle.
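As an added example of such a CI check (not code from the course or from any of the tools named above), the script below fetches a site's response headers and fails the build when any header in an assumed policy is missing, weak, or present when it should not be. The header names, the one-year HSTS threshold, and the list of disclosure headers are assumptions to adjust to your own baseline.

```python
"""Added example (not from the course): fail a CI step when security headers regress."""
import re
import sys
import urllib.request

# Constructed policy: required headers and a predicate each value must satisfy.
# Assumed thresholds (e.g. one-year HSTS max-age); adjust to your own baseline.
POLICY = {
    "strict-transport-security": lambda v: _max_age(v) >= 31536000,
    "content-security-policy": lambda v: "default-src" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
}
# Headers that should not be present because they disclose server details.
FORBIDDEN = ("server", "x-powered-by")


def _max_age(value):
    """Extract max-age from an HSTS header value; 0 if absent or malformed."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else 0


def check_headers(headers):
    """Return a list of policy violations for a header dict (names are case-insensitive)."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, ok in POLICY.items():
        if name not in lower:
            findings.append(f"missing: {name}")
        elif not ok(lower[name]):
            findings.append(f"weak value: {name}={lower[name]!r}")
    for name in FORBIDDEN:
        if name in lower:
            findings.append(f"should not be set: {name}")
    return findings


def fetch_headers(url):
    """Live check: issue a GET and return the response headers as a dict."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    # Usage: python check_headers.py https://your-site.example/  (exits 1 on any finding)
    problems = check_headers(fetch_headers(sys.argv[1]))
    for p in problems:
        print(p)
    sys.exit(1 if problems else 0)
```

A non-zero exit code is what lets the CI job fail the pipeline, so run it as a post-deployment step against each service in a microservices environment.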