SlideShare uma empresa Scribd logo

Testing 12-Factor Apps

Phillip Marlow
Phillip Marlow

A lot of focus has been placed on securing the cloud, but the cloud can also be used to help secure applications. Find out how the same principles that apply to building cloud scale applications can also be used to deploy test environments in the cloud that support application security testing. Never again fear that your automated security testing, penetration testing, and customer A/B testing will collide. This talk will cover how applications that abide by the 12 Factors (https://12factor.net/) are easier to test. It will also discuss how the extreme flexibility of cloud resources allows easy separation of different types of application testing, ensuring that security tests can be run without interfering with business objectives.

Tecnologia
1 de 17
Testing 12-Factor Cloud Apps Phillip Marlow October 2022 Approved for Public Release; Distribution Unlimited. Case Number 22-3215 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Too Long; Didn’t Listen  The flexibility and elasticity of cloud services allows better and more automated testing – if applications are designed to take advantage of it  Designing applications and services for the cloud provides increased testability and security  This makes applications more resilient against technical and environmental failures as well as attacks  It also improves the organization’s ability to deliver on their mission © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
> iam list-user-tags  Cloud Engineer: Designed and built both AWS and Azure environments for large teams  Systems Engineer: Focus on the overall system and process to deliver the system  Developer: 10+ years  DevOps Engineer: Automating build, test, deployment, and monitoring  Security Engineer: GSE #263, SANS Master’s Degree  Hacker: Speaker at DEF CON Cloud Village © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Typical Application Promotion Process Development.env Test.env Production.env Application v1.0 Application v1.0 Application v1.0 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Application Development Process Development Test Production Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.1 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Mature Application Deployment Process Development Test Production Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.0- katherine Application v1.0-jenny Application v1.1 – instance 1 Application v1.1 Application v1.1 – instance N Test App2 v2.1 App2 v2.1 App2 v2.1 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
The Big Problem  Can multiple versions of an application be hosted in each environment?  This design creates choke points on work at each environment  Especially problematic for the test environment which may be shared by many users © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Designing for the Cloud is Better  The Twelve-Factor App, developed by Adam Wiggins & Heroku  https://12factor.net/ Apps that:  Use declarative formats for setup automation, to minimize time and cost for new developers joining the project;  Have a clean contract with the underlying operating system, offering maximum portability between execution environments;  Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration;  Minimize divergence between development and production, enabling continuous deployment for maximum agility;  And can scale without significant changes to tooling, architecture, or development practices. © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Twelve-Factor Alternatives  Microservices Reference Architecture from NGINX  https://www.nginx.com/blog/introducing-the-nginx-microservices- reference-architecture/  Beyond the Twelve-Factor App by Kevin Hoffman  https://www.oreilly.com/library/view/beyond-the-twelve- factor/9781492042631/ © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
I. Codebase  Partially solves the big problem of multiple deploys in an environment One codebase tracked in revision control, many deploys © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
II. Dependencies  No reliance on dependencies installed in the deployment environment makes it possible to scale the number of deployments and environments as needed Explicitly declare and isolate dependencies © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
III. Config  Separating environment specific configuration allows consistent and independent deployments  It also ensures that no changes need to be made to the system between environments, which could potentially compromise the integrity of previously run tests Store config in the environment © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
IV. Backing Services  By treating backing services, such as databases or APIs, as attached resources, we ensure the application is loosely coupled to those resources  This enforcement of loose coupling of components makes testing those components easier  While this may increase the number of integration tests, this approach ensures we have a thorough understanding of those integration points making developing integration tests easier Treat backing services as attached resources © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
V. Build, Release, Run  Testing can be run more frequently when build is separated from run  Ensures no code changes are possible at runtime, so earlier tests remain valid in the production environment Strictly separate build and run stages © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
X. Dev/Prod Parity  Independent tests results are applicable to the final deployment Keep development, staging, and production as similar as possible © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Wins  Tests can be run simultaneously AND independently  It’s easy to add another instance of an app or a whole environment  Applications are designed for easy integration with other tools, including test orchestrators and cloud security platforms  Common operational patterns can be used to make the application more resilient against a variety of failures and attacks © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
Phillip Marlow @wolramp linkedin.com/in/phillipmarlow Thank You! pmarlow@mitre.org © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.

Recomendados

Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSecPhillip Marlow
 
How to Test Your Mobile Apps From Anywhere
How to Test Your Mobile Apps From AnywhereHow to Test Your Mobile Apps From Anywhere
How to Test Your Mobile Apps From AnywhereMatthew Allen
 
Cloud Native Application Development Guide – 2023
Cloud Native Application Development Guide – 2023Cloud Native Application Development Guide – 2023
Cloud Native Application Development Guide – 2023Lucy Zeniffer
 
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...DigitalOcean
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
POV - Practical Containerization
POV - Practical ContainerizationPOV - Practical Containerization
POV - Practical ContainerizationRobert Greiner
 
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Amazon Web Services
 
Applying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesApplying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesKartik Kanakasabesan
 

Recomendados

Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSecPhillip Marlow
 
How to Test Your Mobile Apps From Anywhere
How to Test Your Mobile Apps From AnywhereHow to Test Your Mobile Apps From Anywhere
How to Test Your Mobile Apps From AnywhereMatthew Allen
 
Cloud Native Application Development Guide – 2023
Cloud Native Application Development Guide – 2023Cloud Native Application Development Guide – 2023
Cloud Native Application Development Guide – 2023Lucy Zeniffer
 
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...
Combining Cloud Native & PaaS: Building a Fully Managed Application Platform ...DigitalOcean
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
POV - Practical Containerization
POV - Practical ContainerizationPOV - Practical Containerization
POV - Practical ContainerizationRobert Greiner
 
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Migrate legacy applications to AWS at scale with no code changes (Sponsored b...
Migrate legacy applications to AWS at scale with no code changes (Sponsored b...Amazon Web Services
 
Applying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesApplying lean, dev ops, and cloud for better business outcomes
Applying lean, dev ops, and cloud for better business outcomesKartik Kanakasabesan
 
Microservices
MicroservicesMicroservices
MicroservicesAxEdge Consulting
 
Hacking DevOps
Hacking DevOpsHacking DevOps
Hacking DevOpsPhillip Marlow
 
A secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOpsA secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOpsnooriasukmaningtyas
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
The new developer experience
The new developer experienceThe new developer experience
The new developer experienceEric Cattoir
 
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdfTaming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdfKief Morris
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirNitin Saxena
 
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...Daniel Berg
 
Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...IBM UrbanCode Products
 
Agile application delivery trio webinar
Agile application delivery trio webinarAgile application delivery trio webinar
Agile application delivery trio webinarSkytap Cloud
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Sanjeev Sharma
 
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...Michael Elder
 
The Advent of Serverless Technologies
The Advent of Serverless TechnologiesThe Advent of Serverless Technologies
The Advent of Serverless TechnologiesCloudflare
 
What is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdfWhat is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdfpcloudy2
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native ApplicationsHTS Hosting
 
Exploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key ComponentsExploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key ComponentsLucy Zeniffer
 
Cloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key ComponentsCloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key ComponentsAndrewHolland58
 
cloud value for application development
cloud value for application developmentcloud value for application development
cloud value for application developmentMicrosoft Developer Network (MSDN) - Belgium and Luxembourg
 
Implementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsImplementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsTechWell
 
Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...Microsoft Tech Community
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Mais conteúdo relacionado

Semelhante a Testing 12-Factor Apps

A secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOpsA secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOpsnooriasukmaningtyas
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
The new developer experience
The new developer experienceThe new developer experience
The new developer experienceEric Cattoir
 
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdfTaming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdfKief Morris
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirNitin Saxena
 
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...Daniel Berg
 
Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...IBM UrbanCode Products
 
Agile application delivery trio webinar
Agile application delivery trio webinarAgile application delivery trio webinar
Agile application delivery trio webinarSkytap Cloud
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Sanjeev Sharma
 
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...Michael Elder
 
The Advent of Serverless Technologies
The Advent of Serverless TechnologiesThe Advent of Serverless Technologies
The Advent of Serverless TechnologiesCloudflare
 
What is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdfWhat is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdfpcloudy2
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native ApplicationsHTS Hosting
 
Exploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key ComponentsExploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key ComponentsLucy Zeniffer
 
Cloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key ComponentsCloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key ComponentsAndrewHolland58
 
Implementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsImplementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsTechWell
 
Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...Microsoft Tech Community
 

Semelhante a Testing 12-Factor Apps (20)

Microservices
MicroservicesMicroservices
Microservices
 
Hacking DevOps
Hacking DevOpsHacking DevOps
Hacking DevOps
 
A secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOpsA secure cloud service deployment framework for DevOps
A secure cloud service deployment framework for DevOps
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
The new developer experience
The new developer experienceThe new developer experience
The new developer experience
 
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdfTaming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
Taming Cloud Sprawl - XConf Europe 2023 - Kief.pdf
 
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud AirAccelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
Accelarting Hybrid Cloud Adoption through Use Cases in vCloud Air
 
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
InterConnect 2015: 3045 Hybrid Cloud - How to get a return from an investment...
 
Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...Improving Software Delivery with DevOps & Software Defined Environments | The...
Improving Software Delivery with DevOps & Software Defined Environments | The...
 
Agile application delivery trio webinar
Agile application delivery trio webinarAgile application delivery trio webinar
Agile application delivery trio webinar
 
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
Applying DevOps, PaaS and cloud for better citizen service outcomes - IBM Fe...
 
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
Hybrid Cloud: How to Get a Return from an Investment Made Three Decades Ago (...
 
The Advent of Serverless Technologies
The Advent of Serverless TechnologiesThe Advent of Serverless Technologies
The Advent of Serverless Technologies
 
What is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdfWhat is Cloud Testing Everything you need to know.pdf
What is Cloud Testing Everything you need to know.pdf
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native Applications
 
Exploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key ComponentsExploring Cloud Native Architecture: Its Benefits And Key Components
Exploring Cloud Native Architecture: Its Benefits And Key Components
 
Cloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key ComponentsCloud Native Architecture: Its Benefits and Key Components
Cloud Native Architecture: Its Benefits and Key Components
 
cloud value for application development
cloud value for application developmentcloud value for application development
cloud value for application development
 
Implementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsImplementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile Projects
 
Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...Modernize applications and reduce TCO with Windows containers on Azure Servic...
Modernize applications and reduce TCO with Windows containers on Azure Servic...
 

Último

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Testing 12-Factor Apps

  • 1. Testing 12-Factor Cloud Apps Phillip Marlow October 2022 Approved for Public Release; Distribution Unlimited. Case Number 22-3215 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 2. Too Long; Didn’t Listen  The flexibility and elasticity of cloud services allows better and more automated testing – if applications are designed to take advantage of it  Designing applications and services for the cloud provides increased testability and security  This makes applications more resilient against technical and environmental failures as well as attacks  It also improves the organization’s ability to deliver on their mission © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 3. > iam list-user-tags  Cloud Engineer: Designed and built both AWS and Azure environments for large teams  Systems Engineer: Focus on the overall system and process to deliver the system  Developer: 10+ years  DevOps Engineer: Automating build, test, deployment, and monitoring  Security Engineer: GSE #263, SANS Master’s Degree  Hacker: Speaker at DEF CON Cloud Village © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 4. Typical Application Promotion Process Development.env Test.env Production.env Application v1.0 Application v1.0 Application v1.0 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 5. Application Development Process Development Test Production Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.1 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 6. Mature Application Deployment Process Development Test Production Application v1.0- katherine Application v1.0-jenny Application v1.1 Application v1.0- katherine Application v1.0-jenny Application v1.1 – instance 1 Application v1.1 Application v1.1 – instance N Test App2 v2.1 App2 v2.1 App2 v2.1 © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 7. The Big Problem  Can multiple versions of an application be hosted in each environment?  This design creates choke points on work at each environment  Especially problematic for the test environment which may be shared by many users © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 8. Designing for the Cloud is Better  The Twelve-Factor App, developed by Adam Wiggins & Heroku  https://12factor.net/ Apps that:  Use declarative formats for setup automation, to minimize time and cost for new developers joining the project;  Have a clean contract with the underlying operating system, offering maximum portability between execution environments;  Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration;  Minimize divergence between development and production, enabling continuous deployment for maximum agility;  And can scale without significant changes to tooling, architecture, or development practices. © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 9. Twelve-Factor Alternatives  Microservices Reference Architecture from NGINX  https://www.nginx.com/blog/introducing-the-nginx-microservices- reference-architecture/  Beyond the Twelve-Factor App by Kevin Hoffman  https://www.oreilly.com/library/view/beyond-the-twelve- factor/9781492042631/ © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 10. I. Codebase  Partially solves the big problem of multiple deploys in an environment One codebase tracked in revision control, many deploys © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 11. II. Dependencies  No reliance on dependencies installed in the deployment environment makes it possible to scale the number of deployments and environments as needed Explicitly declare and isolate dependencies © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 12. III. Config  Separating environment specific configuration allows consistent and independent deployments  It also ensures that no changes need to be made to the system between environments, which could potentially compromise the integrity of previously run tests Store config in the environment © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 13. IV. Backing Services  By treating backing services, such as databases or APIs, as attached resources, we ensure the application is loosely coupled to those resources  This enforcement of loose coupling of components makes testing those components easier  While this may increase the number of integration tests, this approach ensures we have a thorough understanding of those integration points making developing integration tests easier Treat backing services as attached resources © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 14. V. Build, Release, Run  Testing can be run more frequently when build is separated from run  Ensures no code changes are possible at runtime, so earlier tests remain valid in the production environment Strictly separate build and run stages © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 15. X. Dev/Prod Parity  Independent tests results are applicable to the final deployment Keep development, staging, and production as similar as possible © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.
  • 16. Wins  Tests can be run simultaneously AND independently  It’s easy to add another instance of an app or a whole environment  Applications are designed for easy integration with other tools, including test orchestrators and cloud security platforms  Common operational patterns can be used to make the application more resilient against a variety of failures and attacks © 2022 THE MITRE CORPORATION. ALL RIGHTS RESERVED.