BDD for Cloud Security


Developers, and operations and security teams need to collaborate on building and verifying that cloud architectures meet requirements for security. This Working Session will consider how Behaviour Driven Development (BDD) may be a useful tool to both specify and then verify that the appropriate security controls are in place.


  • Identify core security requirements for all cloud deployments, regardless of specific cloud technology
  • Write BDD specifications for those requirements (no implementation code, just specs)
  • Find existing tools/solutions that can be used as base implementations, e.g. Netflix’s Security Monkey? NCC Group AWS auditor?
  • Link specs to standards (CSA, NIST, etc.)?


The target audience for this Working Session is:

  • Cloud Security Architects
  • Security Teams
  • Cloud Ops

Back to list of all Working Sessions and Tracks

Edit this page here