DEV Community

Tanya Janca for Microsoft Azure

Pushing Left, Like a Boss - Part 8: Testing

This series, and my blog, have moved! Check it out!


Testing can happen as soon as you have something to test.

It is my belief that testing should be done throughout the development lifecycle, not only during the testing phase. We want feedback as soon as possible, to ensure we make a high-quality product that customers actually want. Below I lay out some strategies for security testing.

Provide developers with security scanning software (such as OWASP ZAP), teach them to use it, and ask them to fix everything it finds before sending their code to QA.

Add automated security testing into your pipeline, specifically:

  • Vulnerability assessment (VA) scanning of infrastructure for missing patches and bad configuration (containers and VMs both need this, but different tools scan each)
  • Third-party components and libraries for known vulnerabilities
  • Dynamic Application Security Testing (DAST): run only a passive scan in the pipeline so that you don't make it too slow (an active scan takes far longer and belongs in a separate, scheduled job)
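Scanner output only helps if the pipeline acts on it. The script below, an added example rather than code from the original post, is the kind of gate that turns a passive DAST scan into a pass/fail step, and it also serves the earlier point about developers fixing what the scanner finds before QA: every finding is listed in the build log, and anything at Medium or above fails the build unless a reviewer has allowlisted that plugin id. It assumes the scan was run with ZAP's baseline scan (`zap-baseline.py -t https://app.example.test -J zap.json`, a URL and file name chosen for the example) and that the JSON report follows ZAP's usual layout of `site[].alerts[]` with `pluginid`, `alert`, `riskcode` and `instances`; the embedded report is constructed, not real scan output.

```python
"""Gate a CI pipeline on a passive DAST scan (OWASP ZAP baseline scan).

Added example, not code from the original post. It assumes the scan was
run as `zap-baseline.py -t https://app.example.test -J zap.json` and that
the JSON report follows ZAP's usual layout: site[].alerts[], each alert
carrying "pluginid", "alert", "riskcode" (0 info, 1 low, 2 medium, 3 high)
and "instances". The report embedded below is constructed for this example.
"""
import json
import sys

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed report in the shape of a ZAP baseline JSON report (not real scan output).
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://app.example.test",
        "alerts": [
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "https://app.example.test/"},
                           {"uri": "https://app.example.test/login"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "https://app.example.test/static/app.js"}]},
            {"pluginid": "10015", "alert": "Re-examine Cache-control Directives",
             "riskcode": "0", "confidence": "1",
             "instances": [{"uri": "https://app.example.test/"}]},
        ],
    }],
})


def load_alerts(report_text):
    """Flatten every site's alerts into dicts with an integer risk level."""
    data = json.loads(report_text)
    alerts = []
    for site in data.get("site", []):
        for a in site.get("alerts", []):
            alerts.append({
                "pluginid": str(a["pluginid"]),
                "alert": a["alert"],
                "risk": int(a["riskcode"]),
                "instances": len(a.get("instances", [])),
            })
    return alerts


def gate(alerts, fail_at=2, allowlist=frozenset()):
    """Decide pass/fail for the build.

    Alerts at or above `fail_at` block the build unless their plugin id is
    in `allowlist` (findings a reviewer has accepted or marked false positive).
    Returns (passed, blocking, accepted) so callers can report both lists.
    """
    blocking, accepted = [], []
    for a in alerts:
        if a["risk"] < fail_at:
            continue
        (accepted if a["pluginid"] in allowlist else blocking).append(a)
    return (not blocking, blocking, accepted)


def summary(alerts, blocking, accepted):
    """Human-readable lines for the CI log, highest risk first."""
    lines = []
    for a in sorted(alerts, key=lambda x: -x["risk"]):
        tag = "FAIL" if a in blocking else ("ACCEPTED" if a in accepted else "info")
        lines.append(f"[{tag}] {RISK_NAMES[a['risk']]:13} {a['pluginid']} "
                     f"{a['alert']} ({a['instances']} instance(s))")
    return lines


def main(argv):
    # Usage: python zap_gate.py zap.json [--fail-at N] [--allow ID,ID,...]
    # With no report path the constructed sample report is used.
    path = argv[1] if len(argv) > 1 and not argv[1].startswith("--") else None
    fail_at = int(argv[argv.index("--fail-at") + 1]) if "--fail-at" in argv else 2
    allow = (frozenset(argv[argv.index("--allow") + 1].split(","))
             if "--allow" in argv else frozenset())
    text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    alerts = load_alerts(text)
    passed, blocking, accepted = gate(alerts, fail_at, allow)
    print("\n".join(summary(alerts, blocking, accepted)))
    print("PASS" if passed else
          f"FAIL: {len(blocking)} alert(s) at {RISK_NAMES[fail_at]} or above")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample report fail on the Medium CSP finding, then with `--allow 10038` to see the same finding reported as ACCEPTED and the build pass. Keeping the allowlist keyed by plugin id rather than by alert text means a renamed rule in a newer ZAP release does not silently reopen a reviewed finding, and Low and Informational alerts still appear in the log so developers see them without the build being blocked.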

Q&A at #DevSecCon Seattle, 2019

During the testing phase I suggest doing a proper Vulnerability/Security Assessment (VA) or, if you need management's attention, a penetration test, but early enough that if you find something you can fix it before it's published.

Read the rest on my NEW blog!!
