DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on • Edited on

Implement security for application lifecycle

Implement security validations for application development

  • DevOps practices offer an innovative approach to security:
    • Securing applications is a continuous, comprehensive process encompassing:
      • Secure infrastructure
      • Architectural design with layered security
      • Continuous security validation
      • Monitoring for attacks
  • CI/CD pipeline should include validation points:
    • IDE/pull request:
      • Using Git source control in Azure DevOps with branch policies
      • Requiring code review with each pull request
      • Linking commits to work items for auditing
    • CI:
      • Running static code analysis tests
    • Application deployment to DEV and TEST
      • Performing passive and active tests Alt text of image

Configure synthetic security transactions

  • Primary characteristics of synthetic transactions:
    • Represent the capability to check an application’s availability across a network
    • Are automated and self-contained
    • Simulate user transactions
  • Implementing synthetic user monitoring:
    • Requires authoring test clients that simulate user actions
    • Performs configurable but typical series of operations
    • Facilitates load testing by using multiple instances of the test client

Top comments (0)