Application Security Testing: An Integral Part of DevOps
Today most enterprise-wide systems comprise a myriad of software applications. Typically these applications don't communicate with each other, which results in information silos. Siloed systems introduce many problems, such as duplicate data and information falling through the cracks. The lack of automated communication between these systems also leads to inefficiencies and a slow overall business process. As a result, system integration, once one of the least considered areas in IT, is now receiving a lot of attention.
Types of Integration
All the applications in the enterprise are part of some business process. To integrate IT systems we need knowledge of the surrounding business processes, which can be modeled using IDEF0, BPMN, UML, etc. As system integration is about communication between software systems, it can be done at the following levels.
Systems can be integrated at the data layer. Many tools are available today that map schemas between different databases.
Integration at the logical layer is accomplished by implementing a Service Oriented Architecture (SOA), messaging middleware or a distributed computing model.
Integration through the user interface is done using screen scrapers: a screen scraper reads the screen output, and user actions are automated programmatically.
System integration may include IT systems that span different organizations, and many industry standards are used for communication between these inter-organizational systems. These standards are essentially the technical representation of the data exchanged between them. Below are the main standards used in the industry.
UN/EDIFACT
UN/EDIFACT has been developed under the United Nations to provide a standard for administration, commerce and transport. It has replaced TRADACOMS, which was one of the oldest EDI standards. The XML/EDIFACT standard allows XML syntax to be used to represent EDIFACT messages so that they can be used by XML systems. UN/EDIFACT has been adopted by ISO as the ISO standard ISO 9735.
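The idea of carrying EDIFACT content in XML, as an added example that is not from the original article: it uses a simplified XML layout (not the official XML/EDIFACT schema), assumes the default EDIFACT service characters, and runs on a constructed sample message. It shows why the release character `?` has to be honoured before splitting, so that data received from a partner cannot be mistaken for delimiters or markup.

```python
import re
import xml.etree.ElementTree as ET

# Default UN/EDIFACT service characters (assumed; a UNA header can override them).
SEG_TERM, ELEM_SEP, COMP_SEP, RELEASE = "'", "+", ":", "?"

def split_escaped(text, sep):
    """Split on sep, skipping separators protected by the release character."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == RELEASE and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair for the next level
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(text):
    """Drop each release character and keep the character it protects."""
    return re.sub(r"\?(.)", r"\1", text, flags=re.S)

def parse_segments(message):
    """Yield (tag, elements); each element is a list of component strings."""
    for raw in filter(None, map(str.strip, split_escaped(message, SEG_TERM))):
        tag, *elements = split_escaped(raw, ELEM_SEP)
        if not (len(tag) == 3 and tag.isalnum() and tag.isupper()):
            raise ValueError(f"malformed segment tag: {tag!r}")
        yield tag, [[unescape(c) for c in split_escaped(e, COMP_SEP)] for e in elements]

def to_xml(message):
    """Render segments as simplified XML; ElementTree escapes the text values."""
    root = ET.Element("interchange")
    for tag, elements in parse_segments(message):
        seg = ET.SubElement(root, "segment", tag=tag)
        for components in elements:
            el = ET.SubElement(seg, "element")
            for value in components:
                ET.SubElement(el, "component").text = value
    return ET.tostring(root, encoding="unicode")

# Constructed sample message (not real trade data).
SAMPLE = "UNH+1+ORDERS:D:96A:UN'BGM+220+PO?+4711'FTX+AAI+++IT?'S <URGENT> & 5?:1 RATIO'UNT+4+1'"
```

A naive `str.split("'")` on the same sample would cut the FTX free-text segment in two at the escaped apostrophe, which is the failure this parser avoids.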
ANSI ASC X12
ANSI ASC X12 is the standard from the US national standards body under ANSI for health care, insurance, government, transportation, and many other industries.
SWIFT
SWIFT is a cooperative under Belgian law. It has established common standards for financial transactions. SWIFT operates a worldwide financial messaging network that exchanges messages between banks and other financial institutions.
ODETTE
ODETTE is the standard for the automotive industry and consists of over thirty messages. It is managed by ODETTE International in association with the Society of Motor Manufacturers and Traders (SMMT).
ACORD
ACORD is a nonprofit standards development organization serving the insurance industry and related financial services industries. ACORD standards describe various aspects of the life, health annuity, and insurance industries.