12 Testing security

This chapter covers

  • Building a security-testing strategy for the organization
  • Applying four techniques to manually audit application security
  • Working with external security firms efficiently
  • Establishing and maintaining a bug bounty program

The concept of test-driven security (TDS) that we followed throughout part 1 of the book integrated security testing directly inside the CI/CD pipeline. By doing so, we tested new versions of services and applications before they reached production. It’s an ideal state that yields the fastest turnover between discovering security issues and fixing them.

Yet, the reality for most organizations is that only parts of applications and services can be properly tested from within the pipeline. ...

Get Securing DevOps now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.