+++
title = "Testing Introduction"
chapter = false
weight = 1
+++

In this module, we're going to instrument security testing within the CI/CD process.  Modernized applications look to shift security left.  By enabling security testing sooner in the development process developers can receive feedback while the software change is still top of mind.  

In traditional software development processes security testing is not performed until one of the final checks before release to production.  With this scenario, feedback to the developer is often delayed weeks or even months from the time code was commited.  This type of delay causes toil with developers as now there are 100's if not 1000's of changes that need to be reviewed.  

By instrumenting tests early in the development cycle developers receive timely feedback.  When done in the pipeline the process can trigger the build to fail and alert developers to an issue with the latest commit and prevent risky software changes from being rolled out to production.  

![Defect cost](/images/defect-cost.png)