Creating Integration Tests
As we continue to mature the Detection as Code model, we can and should include integration level testing. The key distinction between unit and integration testing is that this type of testing requires confirmation of a successful deployment in the security tooling itself to successfully evaluate results. Automating the integration testing functions within our common use case pipelines can greatly reduce the chances of error prone deviation in testing methodology.
This chapter focuses on implementing integration testing for different security solutions either inline of the CI/CD pipeline or asynchronously, using engineer defined payloads. We’ll have a chance to experiment with different workflow styles that can help scale a global engineering model, and practice using a breach adversary simulation (BAS) tool.
By the end of the chapter, you will be able to configure and deploy additional infrastructure, which facilitates integration level testing...