Building Application Security in the Azure DevOps Pipeline
Security testing is an essential part of the SDLC and one that cannot be neglected. With DevOps practices taking centre-stage for software development, adding security testing to your CI/CD pipelin...
beaglesecurity.com
Security testing is a critical component of the SDLC that should not be overlooked. With DevOps practices taking centre stage in software development, including security testing in your CI/CD pipeline is more important than ever before as you ship new features faster than ever before.
When we say "Application security" usually we mean Authentication and IAM; I'm not really following what application security has to do with an Azure DevOps pipeline. This just seems like an ad and an unclear one at that.
Authorization and authentication are not part of Application Security. Although as part of an application they might be affected by Application Security. You kind of have a wrong understanding of the terminus. Wikipedia might be a good resource to get a correct overview of how the terminus is generally used. https://en.m.wikipedia.org/wiki/Application_security
All I can really say is LOL:
And
Did you even read the wiki page before you posted on here?
"Application security" === "measures taken to improve the security of an application".
Running penetration tests in an Azure DevOps pipeline might be a good "measure taken to improve the security of an application", therefore the article holds the promise of its title.
As authZ/authN are part of an application or an application by itself, they might need "measures taken to improve the security of that said application" and therefore might be affected by "Application security". That's why they are listed on the wiki, together with Cryptography, Configuration management, Parameter Manipulation, SQL Injection, XSS, ...
So when we say "Application security" we usually do not mean Authentication and IAM per se.
I can feel with you that you felt disappointed that the article didn't deal with authN, authZ and IAM as you expected. But the author has a valid point.
Btw: good catch with the term "terminus".