DevSecOps in the TEST Phase

In this phase, we focus on testing the finished product. We have already analyzed the source code, so now we move on to testing the built product. This includes penetration testing, validation, and looking at what automation can be put in place to help the deployment and operation of the system. Several types of tests can only be carried out on the built software.

Penetration Testing (Manual)

▪ This is a manual test that attempts to compromise the system's security using manual attack techniques.

Load Testing (DDoS)

▪ Putting demand on the system and measuring its response.

▪ Testing whether or not the system can defend against distributed denial of service attacks.

Fuzzing

▪ Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.
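
As an added example (not code from the original page), a minimal mutation-based fuzzer in Python run against a constructed record parser: the parser, its toy 8-byte value limit and the seed input are assumptions made for illustration. The fuzzer stacks random mutations on the seed and keeps the first input that triggers each kind of uncaught exception or failed assertion, which is exactly what the monitoring step above looks for.

```python
import random

# Constructed fuzz target (an assumption for this example, not a real product):
# parses "key=value;key=value" records and enforces a toy 8-byte value limit.
def parse_record(data: bytes) -> dict:
    text = data.decode("utf-8")            # non-UTF-8 input raises UnicodeDecodeError
    result = {}
    for field in text.split(";"):
        if not field:
            continue
        key, value = field.split("=", 1)  # a field without '=' raises ValueError
        assert len(value) <= 8, "value too long"  # built-in assertion the fuzzer can trip
        result[key] = value
    return result

SEED = b"user=alice;role=admin"            # constructed valid input used as the seed

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte insert, byte delete, or chunk duplication."""
    buf = bytearray(data)
    pos = rng.randrange(len(buf)) if buf else 0
    choice = rng.randrange(4)
    if choice == 0 and buf:
        buf[pos] ^= 1 << rng.randrange(8)
    elif choice == 1:
        buf.insert(pos, rng.randrange(256))
    elif choice == 2 and buf:
        del buf[pos]
    else:
        buf[pos:pos] = buf[pos:pos + 8]     # duplicate up to 8 bytes in place
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> dict:
    """Feed mutated inputs to target; keep the first input that triggers each exception type."""
    rng = random.Random(rng_seed)           # fixed seed makes a run reproducible
    findings = {}
    for i in range(iterations):
        data = seed
        for _ in range(rng.randint(1, 4)):  # stack a few mutations per test case
            data = mutate(data, rng)
        try:
            target(data)
        except Exception as exc:            # any uncaught exception is a finding
            findings.setdefault(type(exc).__name__, {"iteration": i, "input": data, "message": str(exc)})
    return findings

if __name__ == "__main__":
    for name, info in fuzz(parse_record, SEED, 2000).items():
        print(f"{name} at iteration {info['iteration']}: {info['input']!r} -> {info['message']}")
```

Each recorded input is a reproducer that can be replayed against the parser after a fix; a real harness would also catch process crashes and sanitizer reports, not just Python exceptions.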

Integration Testing

▪ Testing of combined individual modules.

▪ Integration security testing is needed to have confidence that there isn't a gap in security when everything is put together.
