Bringing Security Closer to QA

In an agile or DevOps environment, applications are subjected to multiple iterations of functional tests for every release. This is because continuous modifications to application code could adversely impact the quality, functionality, user experience or scalability of an application.

The same holds true for security. An erstwhile fixed vulnerability can resurface in subsequent product releases due to modifications made to the product. we45’s security regression framework helps engineering and QA teams extend the concept of automated regression testing to security and thereby help ensure that previously identified security vulnerabilities do not resurface in subsequent releases of the application. Additionally, logic flaws uncovered through manual inspection (penetration tests) are fed as exploit automation scripts to the regression test suite, ensuring that non-scanner based vulnerabilities are also validated

Security_image

Want to know how to embrace security regression as part of Product Development?