From the course: DevSecOps: Automated Security Testing
Tips for security automation for DevOps
- [Instructor] Before we start writing tests, I want to cover four guiding principles that can help avoid a lot of the problems that can occur when doing security in a DevOps or Agile context. Let's get to them. Up first, don't slow down the build. The build is the lifeblood of the development team. When it is slowed down or breaks, the team can't get work done or software released. One of your key tasks is to instrument security testing without adding too much time to the build. How much time is too much? Well, that depends on your shop, but I'm a believer in the Coffee Test. If the build takes more time to run than it takes to go get a cup of coffee, then you have a problem. For that reason, I recommend keeping your overall build time, including all the security tests, to less than five minutes. If you find yourself in a situation where security testing is taking too long, then you might want to split tests into fast tests and slow tests. Keep the fast tests in the main build job…