• Whitepaper
  • Network and Application Security

Read the technical contribution

Automated security testing within the DevOps processes has to be supplemented with tests in the production environment in order to fully assess the app's performance.

Coming Soon
Coming Soon
Function NürnbergMesse GmbH
close

This content is available to the it-sa 365 community. Please register or log in with your login data.

itsa 365: Two persons in front of a flip chart, name of the white paper
An essential element of the DevOps approach is the integration of security tests in an early phase of the software development lifecycle (SDLC). The aim is to identify weak points in new applications at an early stage and to eliminate them cost-effectively before deployment. However, agility and speed are often more important than security in real development teams. In addition, web applications in particular are usually subject to frequent changes and are also attacked through increasingly sophisticated methods.

It is therefore necessary to test extensively after the deployment in order to get feedback about the behavior of the application in the real world, especially in regards to functionality, performance, error tolerance and user experience. Based on the traditional approach, in which special security teams test applications before deployment, the white paper describes the testing concepts of Shift Left (early in the SDLC) and Shift Right (in the production environment) and explains how these have a positive effect on application security, defining a new, iterative software development lifecycle.

 

A document on this subject is available in German. Would you like to read it? Switch to the German view.