This stage covers app performance: we will use a set of tools to generate a heavy load against many API endpoints and check the app's stability and robustness.
Tools to be used:
hey
wrk
locust
siege
SAST
We will apply static analysis security tests to check for potential security flaws in the codebase.
Tools to be used:
NodeJsScan
SonarQube
Server Configs
Validate the reverse proxy configuration for any misconfiguration, add security headers, and forbid access to automated attack tools.
Tools to be used:
Gixy: validation
Nginx internal security config
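A sketch of the Nginx side of this step, added here as an example and not taken from the original project: it sets security headers, rejects requests from scanner user agents, and shows a header-inheritance mistake next to its fix. The hostname, certificate paths, upstream port, user-agent patterns and the `snippets/security-headers.conf` file are all assumptions.

```nginx
# Added example (constructed): hostnames, paths and the upstream are placeholders.
# Goes inside the http {} context.

# Flag requests whose User-Agent matches common automated scanners.
# The pattern list is an assumption; tune it from your own access logs.
map $http_user_agent $blocked_agent {
    default                        0;
    ~*(sqlmap|nikto|nmap|masscan)  1;
}

server {
    listen 443 ssl;
    server_name app.example.com;                  # placeholder
    ssl_certificate     /etc/nginx/tls/app.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/app.key;

    server_tokens off;                            # do not advertise the nginx version
    if ($blocked_agent) { return 403; }

    # "always" sends the headers on error responses as well.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Content-Security-Policy "default-src 'self'" always;

    location /api/ {
        proxy_pass http://127.0.0.1:3000;         # placeholder app upstream
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Weak: an add_header inside a location replaces ALL headers inherited
    # from server {}, so /static/ responses would lose HSTS, CSP and the rest.
    # location /static/ {
    #     add_header Cache-Control "public, max-age=3600";
    # }

    # Corrected: keep the shared headers in one snippet and include it in
    # every location that adds headers of its own.
    location /static/ {
        root /srv/app;                            # placeholder
        include snippets/security-headers.conf;   # hypothetical file holding the five add_header lines above
        add_header Cache-Control "public, max-age=3600";
    }
}
```

Gixy reports the weak variant under its `add_header_redefinition` check, which makes that mistake a good candidate for an automated gate. User-agent blocking only stops tools that keep their default identification, so treat it as noise reduction and not as a control.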
What's next?
Don't repeat the same task every time, do it once, then automate it!
The goal is an automated, generic, and reliable CI/CD pipeline with suitable tests and a deployment strategy to enhance team velocity and productivity.