The A's, B's, and Four C's of Testing Cloud-Native Applications

Offered By: LASCON via YouTube

Course Description

Overview

Explore the evolving landscape of testing cloud-native applications in this 48-minute LASCON conference talk. Delve into the A's, B's, and Four C's of modern testing methodologies, examining crucial aspects such as Software Bill of Materials (SBOM), Architectural Bill of Materials, and high-level threat modeling concepts. Learn about API testing, component analysis, compute resources, and cloud configuration. Discover how to create effective data flow diagrams, map threats to asset types, and develop comprehensive test plans. Gain insights into reporting strategies, security and risk management practices, and the role of service owners and developers in the testing process. Conclude with a Q&A session addressing additional resources and audience inquiries.

Syllabus

Intro
Dan Cornell
The More Interesting New Days
What Changed?
Software Bill of Materials (SBOM)
Architectural Bill of Materials
High Level Threat Modeling Concepts
Example Data Flow Diagram
Mapping Threats to Asset Types
Code - API Testing
Components
Compute
Cloud Configuration
So What Does This All Look Like?
Reporting
Security/Risk Management
Service Owner/Developer
Test Plan
If You Have More Resources
Questions and Answers


Taught by

LASCON
