Automation and Scripting – SY0-601 CompTIA Security+ : 2.3

One challenge for any developer is the process of creating and publishing application updates. In this video, you’ll learn about continuous integration, continuous delivery, and continuous deployment.

The application development process is constantly moving and constantly changing. It becomes important to keep up with these changes, not only so that the application can change, but so that the security based on that application can stay up to date. We can also create automation around the deployment of these applications, and automation based on how we react to problems that might occur when the application is executing.

For example, if the storage area for an application’s log files were to fill up, it would cause the application to fail. So we might want to constantly monitor that particular drive and make sure that it never gets too full or too highly utilized. If we do constantly monitor this drive, and we notice that it’s running out of drive space, we can then automatically work behind the scenes to delete any older files or free up any needed disk space. These checks become especially important for cloud-based technologies because instances may be automatically provisioned and deprovisioned. We need to perform checks when we’re provisioning and adding an application instance, and perform other checks when we’re deprovisioning it.
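The log-drive check described above could be automated along these lines. This is an added example, not code from the video; the 90%/75% thresholds, the `*.log*` file pattern, the number of files kept, and all function names are assumptions chosen for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path


def used_fraction(path):
    """Fraction of the filesystem holding `path` that is currently in use."""
    usage = shutil.disk_usage(path)
    return usage.used / usage.total


def prune_old_logs(log_dir, high_water=0.90, low_water=0.75,
                   keep_newest=2, probe=used_fraction):
    """Once usage reaches high_water, delete the oldest logs until usage
    falls to low_water. Returns the names of the deleted files."""
    log_dir = Path(log_dir)
    if probe(log_dir) < high_water:
        return []                      # enough free space: do nothing
    # Regular files only; a symlink could point outside the log directory.
    logs = sorted((p for p in log_dir.glob("*.log*")
                   if p.is_file() and not p.is_symlink()),
                  key=lambda p: p.stat().st_mtime)   # oldest first
    # Keep the newest files: the active log and the most recent history.
    deletable = logs[:-keep_newest] if keep_newest else logs
    deleted = []
    for path in deletable:
        if probe(log_dir) <= low_water:
            break                      # enough space recovered: stop deleting
        path.unlink()
        deleted.append(path.name)
    return deleted


def demo():
    """Constructed sample: five 100-byte logs on a simulated 500-byte volume."""
    with tempfile.TemporaryDirectory() as tmp:
        for age, suffix in enumerate((".4", ".3", ".2", ".1", "")):
            path = Path(tmp, "app.log" + suffix)
            path.write_bytes(b"x" * 100)
            os.utime(path, (1_700_000_000 + age, 1_700_000_000 + age))
        def fake_probe(d):             # stands in for used_fraction()
            return sum(f.stat().st_size for f in Path(d).iterdir()) / 500
        deleted = prune_old_logs(tmp, probe=fake_probe)
        return deleted, sorted(p.name for p in Path(tmp).iterdir())


if __name__ == "__main__":
    print(demo())
```

Run on a schedule, the function does nothing until the high-water mark is reached and stops deleting as soon as usage is back under the low-water mark, so no more log history is removed than necessary.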

One important place to use this automation is when we are doing Continuous Integration, or CI. This is when the application developers may constantly be updating an application and perhaps even merging it into a central repository many times a day. This, of course, could open up the potential for a security issue. So we need to make sure that we have the automation in place to perform these security checks.

If a developer checks in some new code, then there are some automated security checks that we know have to be made. And then we need to evaluate the updated code against the existing set of security baselines. Once the software comes out of the development process, there might be even more extensive security checks made so that we can be sure that anything deployed to production will be as safe as possible.

If we can automate the checks during the development process, then we should also be able to automate the checks during the testing process. This is called continuous delivery, where we automate the testing and the release of the application. Our automated security checks will occur during the testing process, and the release then waits for us to click a button to deploy the application into production.

If you want to have the entire process automated, we refer to that as continuous deployment. With continuous deployment, we’re not waiting for a human being to click a button and send that application into production. Instead, the entire testing process and the deployment process are automated. If a problem is found during that testing process, the application will obviously not be pushed to production. But if all of our automated security checks go through all of the code, and everything looks perfect, we can automatically send that to production without any delays at all.