Importance of Security Testing in DevOps & DevSecOps Practices -Part 1
When we talk about DevOps and DevSecOps means we are talking about their practices. Organizations always try to focus on that practices so they can follow "DevOps Culture" and achieve their goals.. but really are we understand the importance of Testing in "DevOps Universe" ?
Testing itself too big on its own and something its a kind of huge tree and types of Testing its like a branches of that tree.
Currently in IT world we have 100+ types of testing and related their tools but its true that we don't use all tools and its not required as well but since we all are practicing DevOps culture we always focus on CI/CD , Infra as code , Containerization and Orchestration but during implementing of security in our Enterprise Pipeline (DevOps & DevSecOps) the most important thing is Security Testing.
We do testing of Infra but for me the role play by testing of security in Enterprise pipeline is like "guardian of the children".
Basically we define testing of security as a part of Security as code.
Here are some best practices for Security as code -
- Privilege Management
- Define Policies
- Internal Build and deployment security
- Test policies for Security
So the 4th point is very much significant as a part of practices .
When we talk about Test polices means we are covering most of area of our application like Network security , database security and application.
Security Importance in Business domain
All are the Business domains are important in current IT growing Industry but some of the processes and domains are much critical like Banking, Payment Card Industry (PCI), Financial Institutes, Insurance domain, telecom and Government Institutes.