Load/stress tests  

It's about the app performance, we will apply a set of tools to start a huge load targeting many API links, we will check the app stability and robustness.

Tools to be used:

• hey
• wrk 
• locust 
• siege

SAST

We will apply static analysis security tests to check for potential security flaws on the base code.

Tools to be used:

• Nodejsscan
• Sonarqube

Server Configs

Validating reverse proxy configuration for any miss-configuration, add security headers, and forbidden access to any automated attack tool.

Tools to be used:

• Gixy : validation
• Nginx internal security config

What's next ?

Don't repeat the same task every time, do it once, then automate it!

Automated, generic, and reliable CI/CD with suitable tests and deployment strategy to enhance team velocity and productivity.