Test Driven Security in Continuous Integration

Explore a 20-minute conference talk from USENIX Enigma 2017 on implementing Test Driven Security (TDS) in Continuous Integration environments. Learn how Mozilla's CloudSec team redesigned security controls to keep pace with rapid DevOps deployment cycles. Discover the principles of TDS, which prioritizes security tests representing desired behaviors and continuously runs them against code. Gain insights into how this approach accelerates the discovery and mitigation of security issues compared to traditional methods. Examine Mozilla's use of open-source tools to implement TDS, reducing security vulnerabilities and regressions in production environments. Understand the talk's structure, covering topics such as DevOps pipelines, writing and running tests in CI/CD, socializing requirements, and enforcing test passage. Benefit from the expertise of Julien Vehent, Firefox Services Security Lead at Mozilla, as he shares practical strategies for integrating security into fast-paced development cycles.

Intro
Bug Bounty payments
A DevOps pipeline
Writing tests
3. Running tests in CI/CD
Socialize requirements
5. Require tests to pass
Does it work?