OpenStack Summit May 2015 Vancouver has ended
Back To Schedule
Monday, May 18 • 5:30pm - 6:10pm
OpenStack Security CI/CD Way

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!


As OpenStack becomes popular, Continuous Integration and Continuous Deployment (CI/CD) of OpenStack is gaining attention. Customers need the ability to deploy multiple times every day to meet their business needs. This is a huge challenge to application security.   Traditional web application security testing and API security testing are manual processes aided by various tools. The tests are time consuming and lack consistence. It is almost impossible to embed these types of security testing into CI/CD process. 


In Rackspace, security engineering team is working with quality engineers and developers to integrate security testing into CI/CD process. Security engineering team uses the same framework/tool that quality engineer use to ease integration. Currently we are focusing on API security testing automation and web application security testing. We are working on a couple of approaches to integrate security-testing cases with QE testing framework. The security test cases cover necessary security checks including common security vulnerability checks and some product specific checks. These security test cases can be run by anyone from the team. They can also be invoked as Jenkins jobs as part of integration test. The failed security test cases indicate some types of security defects and need to be remediated. 


The security testing automation improves the consistency, repeatability and auditability of our security testing process. Security testing within CI/CD process can detect security defect in early stage and reduce remediation costs.  

avatar for Jim Freeman

Jim Freeman

Director, Quality and Security Engineering, Rackspace Hosting
Jim is a Director of Quality and Security Engineering at Rackspace. Jim has successfully built a team of specialized security engineers that is part of the development, quality, and delivery process at Rackspace. Jim felt that the best way to interconnect and ensure security testing... Read More →

Monday May 18, 2015 5:30pm - 6:10pm PDT
Room 211

Attendees (0)