Monitor your web application

We learned how to increase security using web controls such as HTTP headers. To make sure those controls stay in place after every deployment, we need to monitor them.


We learned how to increase security using web controls such as HTTP headers, but how do we ensure that these controls stay in place over time? How do we catch a regression next week in which a header is quietly dropped from an HTTP response? The problem gets harder in a rich microservices environment, where more than a handful of services need to be accounted for, each with its own responses to check.

Monitoring and Shifting-left

Ideally we want to shift left as much of this monitoring as possible, so that problems are detected early in the process (at build or deployment time) rather than after the fact in production.

We reviewed some tools that integrate easily into CI during the build process. For example, we can use the WebPageTest API for both its performance and security insights by triggering a test run upon a successful website deployment, so every release gets an end-to-end check.
</gre_replace>
<gr_replace lines="15" cat="clarify" orig="Furthermore, we can">
Furthermore, we can use command-line tools such as Check My Headers and others to validate that server responses actually conform to a policy, and fail the pipeline when they do not. This shifts application security testing left and surfaces issues earlier in the software development lifecycle.

Furthermore, we can use command-line tools such as Check My Headers and others to validate that server responses are indeed conforming to a policy. This helps us shift left in application security testing and find issues earlier in the software development lifecycle.
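The following is an added example of such a policy gate, not code from the course or from Check My Headers: a small Python script that fetches a deployed URL's response headers and checks them against a baseline, exiting non-zero so a CI job fails on regression. The policy thresholds (a one-year HSTS max-age, a CSP with a default-src fallback, nosniff, a clickjacking defence via either X-Frame-Options or CSP frame-ancestors, a Referrer-Policy, and no X-Powered-By) are this example's own assumptions and should be adjusted to your baseline. The two sample header sets are constructed to show a passing deployment and the same site after a regression.

```python
"""Header-policy gate for a CI pipeline (added example; policy values are assumptions)."""
import http.client
import sys
from urllib.parse import urlparse

# One year, the value commonly required for HSTS preload (assumed threshold).
MIN_HSTS_MAX_AGE = 31536000


def parse_max_age(value):
    """Return the integer max-age directive of an HSTS header value, or None if absent/invalid."""
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(raw.strip().strip('"'))
            except ValueError:
                return None
    return None


def evaluate(headers):
    """Check a response header map against the policy; return a list of findings (empty = pass).

    Header names are compared case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("strict-transport-security: missing")
    else:
        age = parse_max_age(hsts)
        if age is None or age < MIN_HSTS_MAX_AGE:
            findings.append(f"strict-transport-security: max-age {age} below {MIN_HSTS_MAX_AGE}")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("content-security-policy: missing")
    elif "default-src" not in csp.lower():
        findings.append("content-security-policy: no default-src fallback directive")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("x-content-type-options: expected 'nosniff'")

    # Either header defends against framing; CSP frame-ancestors supersedes X-Frame-Options.
    xfo = h.get("x-frame-options", "").strip().upper()
    frame_ancestors = "frame-ancestors" in (csp or "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and not frame_ancestors:
        findings.append("clickjacking: neither X-Frame-Options nor CSP frame-ancestors set")

    if "referrer-policy" not in h:
        findings.append("referrer-policy: missing")

    # Stack fingerprinting: this policy assumes the framework banner must not be advertised.
    if "x-powered-by" in h:
        findings.append(f"x-powered-by: present ({h['x-powered-by']!r}); remove it")

    return findings


def fetch_headers(url, timeout=10):
    """GET the URL over HTTPS and return its response headers as a dict (last duplicate wins)."""
    u = urlparse(url)
    conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=timeout)
    conn.request("GET", u.path or "/", headers={"Host": u.hostname, "User-Agent": "header-gate/1.0"})
    resp = conn.getresponse()
    headers = dict(resp.getheaders())
    conn.close()
    return headers


# Constructed sample responses (not captured from any real site).
SAMPLE_GOOD = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

# The same site after a bad deploy: HSTS shortened, CSP dropped, framework banner leaked.
SAMPLE_REGRESSED = {
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Powered-By": "Express",
}


def main(argv):
    """CI entry point: exit 0 on pass, 1 on any finding, 2 on usage error."""
    if len(argv) != 2:
        print(f"usage: {argv[0]} https://host/path", file=sys.stderr)
        return 2
    findings = evaluate(fetch_headers(argv[1]))
    for finding in findings:
        print("FAIL", finding)
    print("PASS" if not findings else f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a post-deploy CI step with the freshly deployed URL as the argument; a non-zero exit fails the job. Because evaluate() takes a plain dict, the same policy can be run over headers captured from any other source, for example one scan per service in a microservices estate, without touching the network in unit tests.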
