An essential element of the DevOps approach is the integration of security tests in an early phase of the software development lifecycle (SDLC). The aim is to identify weak points in new applications at an early stage and to eliminate them cost-effectively before deployment. However, agility and speed are often more important than security in real development teams. In addition, web applications in particular are usually subject to frequent changes and are also attacked through increasingly sophisticated methods.
It is therefore necessary to test extensively after the deployment in order to get feedback about the behavior of the application in the real world, especially in regards to functionality, performance, error tolerance and user experience. Based on the traditional approach, in which special security teams test applications before deployment, the white paper describes the testing concepts of Shift Left (early in the SDLC) and Shift Right (in the production environment) and explains how these have a positive effect on application security, defining a new, iterative software development lifecycle.
A document on this subject is available in German. Would you like to read it? Switch to the German view.
