12 Testing security

This chapter covers

  • Building a security-testing strategy for the organization
  • Applying four techniques to manually audit application security
  • Working with external security firms efficiently
  • Establishing and maintaining a bug bounty program

The concept of test-driven security (TDS) that we followed throughout part 1 of the book integrated security testing directly into the CI/CD pipeline. By doing so, we tested new versions of services and applications before they reached production. It's an ideal state that yields the fastest turnaround between discovering security issues and fixing them.

Yet, the reality for most organizations is that only parts of applications and services can be properly tested from within the pipeline. ...
