I’m curious how other Hosting companies test 3rd party integration in their webapp code. We have separate environments (e.g. dev, test, pre-production, production), but have kept our dev and test environments private as the code being tested isn’t always necessarily secure and don’t want those environments open to the world. With the need to test 3rd party integration though, developers don’t want to wait to test that integration until the code is pushed to production. One idea was secure it at the perimeter and whitelist the IP’s of the 3rd parties, but not all of the 3rd parties publish the IP’s being used or if they do, they change enough where managing the whitelist can become a real pain in the butt.
What sort of security precautions do other people take to make sure their test environments are kept secure while still being able to test 3rd party integration?
When it comes to creating applications, there is a need for multiple environments to support the development process. It typically starts on the developers own computer, then on to an integration environment, a QA testing environment, possibly a UAT (User Acceptance Testing) environment, and then finally production. Depending on your organization, you may have some, none, or all of these different environments.
When it comes to security, the focus is typically on the production environment. This is where the instances that all of the users use are on a daily basis. This has all the “real” data. It is where real credit card numbers or social security numbers may reside. There is a lot of effort put on securing the production environment.
Viewing 2 reply threads
You must be logged in to reply to this topic.
– EH-Net Live!“CISO Underrepresented“ w/ Mark Arnold and Steph Ihezukwu on Tues June 30 @ 1:00 PM US ET. Reg Open Now!