Pay Heed to DevSecOps

As the industry moves along and catches the wave of DevOps, specific attributes are certainly also catching on – one such focus area being DevSecOps – as the name implies, Security in the world of DevOps. Until a few years ago, security was all about the Top 10 OWASP web vulnerabilities. While that largely still reigns in the world of security testing, product teams have started looking beyond and acknowledging the need, especially  for web services and network security testing, as part of app security testing efforts.

OWASP itself has guidelines laid out for other areas of security testing including tool and framework suggestions. There are really two things as we move to embrace DevSecOps – one around expanding the scope of security testing and the other around making it habitual. And such habitual testing is possible by leveraging existing functional scripts and reusing them for security testing wherever possible in addition to core automated security testing scripts. These make security testing ongoing, and something that can be understood by everyone in the product team while the core subject matter expertise may reside with the security specialists.

At QA InfoTech we have frameworks that leverage the core functional Selenium scripts for security testing – do reach out to us to know more and how we have been using the same to promote DevSecOps in addition to industry tools that are available for the same.

About the Author

QA InfoTech

QA InfoTech

Established in 2003, with less than five testing experts, QA InfoTech has grown leaps and bounds with three QA Centers of Excellence globally; two of which are located in the hub of IT activity in India, Noida, and the other, our affiliate QA InfoTech Inc Michigan USA. In 2010 and 2011, QA InfoTech has been ranked in the top 100 places to work for in India.

Related Posts