Overview
Learn about integrating abuse case testing into DevOps practices in this 57-minute conference talk from Circle City Con 5.0. Explore the prerequisites, DevOps overview, and AppSec integration before diving into use cases, unit tests, and threat modeling. Discover the process of developing abuse cases and implementing them using Mocha. Gain insights on writing code, conducting unit and integration tests, and incorporating security-focused testing. Examine monitoring techniques, code coverage analysis, and continuous improvement strategies. Benefit from consulting lessons learned and a comprehensive summary to enhance your understanding of abuse case testing in DevOps environments.
Syllabus
Intro
ABUSE CASES PREREQUISITES
DEVOPS OVERVIEW
APPSEC IN DEVOPS
USE CASES / UNIT TESTS
PHASES
THREAT MODELING
ABUSE CASE DEVELOPMENT
MOCHA
WRITE CODE AND TESTS
UNIT/INTEGRATION TESTS
SECURITY UNIT INTEGRATION TESTS
SECURITY UNIT TEST EXAMPLE
INTEGRATION TESTING EXAMPLE
MONITORING
CODE COVERAGE
CONTINUOUS IMPROVEMENT
CONSULTING LESSONS LEARNED
SUMMARY