As the industry catches the wave of DevOps, specific focus areas are catching on as well. One of them is DevSecOps: as the name implies, security in the world of DevOps. Until a few years ago, security was all about the OWASP Top 10 web vulnerabilities. While that list still largely reigns in the world of security testing, product teams have started looking beyond it and acknowledging the need, especially for web services and network security testing, as part of their app security testing efforts.
OWASP itself has guidelines laid out for other areas of security testing, including tool and framework suggestions. There are really two things to do as we move to embrace DevSecOps: one is expanding the scope of security testing, and the other is making it habitual. Such habitual testing is possible by leveraging existing functional scripts and reusing them for security testing wherever possible, in addition to core automated security testing scripts. Together these make security testing ongoing and something that everyone in the product team can understand, while the core subject matter expertise may reside with the security specialists.
At QA InfoTech we have frameworks that leverage the core functional Selenium scripts for security testing. Do reach out to us to know more about how we have been using them to promote DevSecOps, in addition to the industry tools that are available for the same.