DevOps puts an intense focus on automation – taking humans out of the loop whenever possible to allow frequent, incremental updates to production systems. However, thorough application testing often has multiple components – much of this can be automated, but manual testing is also required. This is inconvenient and not “DevOps-y,” but is unfortunately an unavoidable requirement in the real world.
This AppSec USA presentation with Axway’s Principal Application Security Engineer, Steve Springett, walks through Axway’s construction of their application security-testing pipeline and the decisions they were forced to make along the way to best maximize the use of automation while accommodating the reality of manual testing requirements.
Contact us for more information about how you can optimize your application vulnerability management program to pursue aggressive automation while also dealing with the realities of manual testing requirements.