CAST 2017 focuses on the actual tactical work required to perform excellent, effective and influential testing.
Chef’s own Galen Emery, Solutions Architect for Government, will be presenting: Security and Testing – Why Red, Green, Deploy Matters More Than Ever
We get security into the pipeline by testing security, just like we write unit, integration, smoke and functional tests. Using the open-source InSpec testing language, we can bring these security controls into the testing pipeline and ensure that our build doesn’t ship unless the system maintains its security posture.
We do that by treating our security controls like an integration test: does the system actually comply with the rule? By doing so, we can automate this type of testing and put it into our pipeline. Once it’s there, we can ensure that code doesn’t move past until it clears these tests, and we eliminate a significant bottleneck to our velocity.
In this talk, he’ll go over why we need to build security into our code pipeline, what doing so gives us for our velocity and security, and how we can generate reports with InSpec to please managers, auditors and security teams.