Security of Testing environments and 3rd party integration

This topic contains 2 replies, has 2 voices, and was last updated by  Henry864 3 years, 3 months ago.

  • Author
    Posts
  • #8758
     lorddicranius 
    Participant

    I’m curious how other Hosting companies test 3rd party integration in their webapp code. We have separate environments (e.g. dev, test, pre-production, production), but have kept our dev and test environments private as the code being tested isn’t always necessarily secure and don’t want those environments open to the world. With the need to test 3rd party integration though, developers don’t want to wait to test that integration until the code is pushed to production. One idea was secure it at the perimeter and whitelist the IP’s of the 3rd parties, but not all of the 3rd parties publish the IP’s being used or if they do, they change enough where managing the whitelist can become a real pain in the butt.

    What sort of security precautions do other people take to make sure their test environments are kept secure while still being able to test 3rd party integration?

  • #54032
     lorddicranius 
    Participant

    Thinking about this more, this isn’t really webapp specific and probably belongs in a different forum πŸ™‚

  • #54033
     Henry864 
    Participant

    When it comes to creating applications, there is a need for multiple environments to support the development process. It typically starts on the developers own computer, then on to an integration environment, a QA testing environment, possibly a UAT (User Acceptance Testing) environment, and then finally production. Depending on your organization, you may have some, none, or all of these different environments.

    When it comes to security, the focus is typically on the production environment. This is where the instances that all of the users use are on a daily basis. This has all the β€œreal” data. It is where real credit card numbers or social security numbers may reside. There is a lot of effort put on securing the production environment.

You must be logged in to reply to this topic.

Copyright Β©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?