"When it comes to the fundamental principle of never testing in production, nearly every software engineer is guilty of breaking that rule at some point in their career. But this is not just a best practice; it is a keystone value meant to protect your reputation, your customers, and your sanity."
"However, sometimes developers do need to touch the end-user experience to reproduce an issue or test new functionality in situ. Some bugs will readily show up in your production environment once your software gets into the hands of end users."
"With the recent publication of its Secure Software Development Framework (SSDF), the National Institute of Standards and Technology (NIST) underscored the criticality of this best practice. Whenever developers do need to access production, every protection imaginable must be in place: monitoring, data-loss controls, minimized scope of access, multiple eyes of approval, multifactor authentication—just to name a few."