Test security as code with the Test Pyramid

In this story, I give some examples how to apply the Test Pyramid of Mike Cohn to security.

Once you follow the Security-as-Code concept, you can also apply the Test Pyramid (Mike Cohn, 2005) to security testing. In this document, you will have a quick introduction to a security tool of each level of the pyramid:

• OWASP ZAP,
• Gauntlt,
• ServerSpec.

The Test Pyramid (Mike Cohn, 2005)