Implement security validations for application development
- DevOps practices offer an innovative approach to security:
  - Securing applications is a continuous, comprehensive process encompassing:
    - Secure infrastructure
    - Architectural design with layered security
    - Continuous security validation
    - Monitoring for attacks
- CI/CD pipeline should include validation points:
  - IDE/pull request:
    - Using Git source control in Azure DevOps with branch policies
    - Requiring code review with each pull request
    - Linking commits to work items for auditing
  - CI:
    - Running static code analysis tests
  - Application deployment to DEV and TEST:
    - Performing passive and active tests
Configure synthetic security transactions
- Primary characteristics of synthetic transactions:
  - Represent the capability to check an application’s availability across a network
  - Are automated and self-contained
  - Simulate user transactions
- Implementing synthetic user monitoring:
  - Requires authoring test clients that simulate user actions
  - Performs configurable but typical series of operations
  - Facilitates load testing by using multiple instances of the test client
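
A sketch of such a test client, added here as an example and not taken from the original notes: it runs a configurable series of operations as one synthetic user transaction, records availability and latency per step, and starts several client instances in parallel. The local demo server, its routes (`/`, `/login`, `/orders`) and all function names are assumptions constructed for illustration.

```python
import threading, time, urllib.error, urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class DemoApp(BaseHTTPRequestHandler):  # constructed stand-in app, hypothetical routes
    ROUTES = {("GET", "/"), ("POST", "/login"), ("GET", "/orders")}
    def _reply(self):
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        self.send_response(200 if (self.command, self.path) in self.ROUTES else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = _reply
    log_message = lambda self, *args: None  # keep the demo quiet

# The configurable series of operations: (method, path, expected status).
SCENARIO = [("GET", "/", 200), ("POST", "/login", 200), ("GET", "/orders", 200)]
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

def run_transaction(base_url, scenario=SCENARIO, timeout=3.0):
    """Run one synthetic user transaction; return one result dict per step."""
    results = []
    for method, path, expected in scenario:
        data = b"user=synthetic" if method == "POST" else None
        req = urllib.request.Request(base_url + path, data=data, method=method)
        start = time.monotonic()
        try:
            with OPENER.open(req, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code   # reachable, but unexpected answer
        except (urllib.error.URLError, OSError):
            status = None       # not reachable over the network
        results.append({"step": f"{method} {path}", "status": status,
                        "ok": status == expected, "seconds": time.monotonic() - start})
    return results

def run_load(base_url, clients=5, scenario=SCENARIO):
    """Run several client instances in parallel; return the fraction fully passing."""
    with ThreadPoolExecutor(max_workers=clients) as pool:
        runs = list(pool.map(lambda _: run_transaction(base_url, scenario), range(clients)))
    return sum(all(step["ok"] for step in run) for run in runs) / clients

def start_demo_app():
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

if __name__ == "__main__":
    print("availability:", run_load(start_demo_app()[1]))
```

A step with `status` of `None` means the application could not be reached at all, while a wrong status code means it answered but the transaction failed; alerting usually treats the two differently.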