Pattern #2 - Testing dependencies
Some applications use open source software. This software has its own security issues and bugs, so the dependencies shipped with each release must be tested.
It is important to know which version of each dependency is used: the latest version should not be adopted systematically without control. Each version of a software dependency should be tested and validated to ensure that it does not introduce a vulnerability into your software.
This kind of vulnerability is listed in the OWASP 2013 Top 10: “A9 — Use of Components with Known Vulnerabilities”.
It is therefore important to use a vulnerability database such as CVE (Common Vulnerabilities and Exposures — https://cve.mitre.org/) to identify the vulnerabilities of the dependencies used. There are tools that perform these checks automatically, such as OWASP’s Dependency-Check.
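The two checks described above (every dependency pinned to a reviewed version, and each pinned version compared against a vulnerability database) can be illustrated with a small script. The following is an added example written for this article; it is not code from the article's author, nor from OWASP Dependency-Check. The advisory feed, the package names and the advisory identifiers (ADV-EXAMPLE-…) are constructed placeholders: a real check would pull CVE records from a database such as cve.mitre.org or let Dependency-Check do the lookup.

```python
import re
from dataclasses import dataclass

# Constructed advisory feed for this example (NOT real CVE data). In practice
# the ids would be CVE identifiers fetched from a vulnerability database.
ADVISORIES = [
    {"package": "examplelib", "id": "ADV-EXAMPLE-0001",
     "affected_from": "2.0.0", "affected_below": "2.4.0"},
    {"package": "yamlish", "id": "ADV-EXAMPLE-0002",
     "affected_from": "0", "affected_below": "5.4"},
]

# Constructed requirements file (pip-style "name==version" lines).
SAMPLE_REQUIREMENTS = """
examplelib==2.3.1      # pinned, inside the affected range
yamlish==5.4           # pinned, at the first fixed version
httpclient>=1.0        # not pinned: "latest" gets pulled in without review
safe-pkg==0.9.0        # pinned, no advisory
"""

# name, optional operator, optional version
REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.\-]*)?\s*$"
)


@dataclass
class Finding:
    package: str
    kind: str      # "UNPINNED" or "VULNERABLE"
    detail: str


def parse_version(text):
    """Turn '2.4' into (2, 4, 0). Non-numeric suffixes such as '1.0rc1' are
    truncated; components are zero-padded to three so '2.4' == '2.4.0'."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_requirements(text):
    """Parse requirement lines into (name, operator, version) triples."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"cannot parse requirement: {line!r}")
        name, op, ver = m.groups()
        deps.append((name.lower(), op, ver))
    return deps


def check_dependencies(requirements_text, advisories=ADVISORIES):
    """Flag dependencies that are not pinned to an exact version, and pinned
    versions that fall inside an advisory's affected range."""
    findings = []
    for name, op, ver in parse_requirements(requirements_text):
        if op != "==" or ver is None:
            findings.append(Finding(
                name, "UNPINNED",
                f"no exact version pin ({op or 'any'} {ver or '*'})"))
            continue
        v = parse_version(ver)
        for adv in advisories:
            if adv["package"].lower() != name:
                continue
            lo = parse_version(adv["affected_from"])
            hi = parse_version(adv["affected_below"])   # first fixed version
            if lo <= v < hi:
                findings.append(Finding(
                    name, "VULNERABLE",
                    f"{ver} affected by {adv['id']}; fixed in {adv['affected_below']}"))
    return findings


if __name__ == "__main__":
    for f in check_dependencies(SAMPLE_REQUIREMENTS):
        print(f"{f.kind:10} {f.package}: {f.detail}")
```

On the constructed input the script reports examplelib 2.3.1 as affected by ADV-EXAMPLE-0001 and httpclient as unpinned; yamlish 5.4 sits at the first fixed version and is not flagged. The unpinned finding is the point of the "latest version without control" advice: an open range means the version actually deployed is decided at build time, so no test result can be tied to it.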
- Pattern #1: Promote a step-by-step migration by using the Strangler application model
- Pattern #2: Testing dependencies
- Pattern #3: Single or multi-repository pattern
- Pattern #4: Data migration
- Pattern #5: Have the changes approved by people close to the problems
More articles on my blog http://www.DevOpsTestLab.com.
My LinkedIn profile: https://fr.linkedin.com/in/brunodelb