Title: Continuous security in DevOps environment: Integrating automated security checks at each stage of continuous deployment pipeline
Language: English
Authors: Jawed, Mohammed 
Qualification level: Diploma
Advisor: Stapleton, Lawrence 
Issue Date: 2019
Number of Pages: 85
Abstract: 
In this digital transformation, when the world is witnessing record security breaches and hackers are getting bolder and more sophisticated, developing software quickly is not enough; an organization must also secure its applications. To get a secure application out of the delivery team's hands, an organization must make security not only a priority but also a standardized part of daily operational procedure. This is possible only when an organization integrates security checks and practices throughout the software development lifecycle to better defend its applications and protect its brand value. Therefore, this thesis outlines a secure DevOps delivery workflow that achieves continuous security by infusing security controls, tools, compliance, industry best practices, and automated security checks at each stage of the software development cycle, so that all security testing is done seamlessly through a continuous delivery pipeline. The secure DevOps delivery workflow designed in this thesis will allow organizations to make security a standardized part of daily operational procedure, resulting in a resilient organization and a culture of “everyone responsible for security,” “scaling through automation,” and “measurable outcomes.” Moreover, it will free team effort to be put into building a better, faster, cheaper and more secure product, with a focus on delivering customer-centric features instead of fighting security-related bugs and compliance issues, and will fend off more attacks, leading to an overall more protected system. The seven secure workflow gateway stages presented in this thesis are Requirements, Plan, Secure Develop, Build, Test, Deploy and Continuous Monitoring, fully integrated with security checks at each stage.
It is applicable and relevant to all DevOps-enabled organizations seeking to improve productivity and organizational security learning, shift security to the left, and transform the application release cycle to produce more secure applications. At the end of this thesis, it outlines the Secure DevOps work value stream, which helps DevOps team members evaluate the proposed seven-stage gateway workflow and provides everyone in the value stream with the fastest possible feedback about the security of what they are creating, enabling them to quickly detect and correct security problems as part of their work, which enables learning and prevents future errors. The security testing DevOps toolchain, a set of security tools integrated within the continuous deployment pipeline to automatically check security at each stage of the workflow, helps the delivery team identify and fix flaws earlier in the delivery process, before they are exposed to the public, without impeding agility; this shifts security to the left. The Secure DevOps workflow model builds security into every stage of the secure development life cycle, from the security requirements stage onwards, and this makes everyone responsible for security. The contributions of this thesis consist of: a secure seven-stage continuous security workflow infused with security controls, compliance and best practices; the flow of work across the continuous security value stream; the anatomy of a continuous security assurance model; and a toolchain to infuse automated security checks into the CI/CD pipeline.
Keywords: "Toolchain; continuous integration; continuous delivery; security testing; secure development; continuous monitoring; cybersecurity; Secure DevOps"
URI: https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-124776
http://hdl.handle.net/20.500.12708/8512
Library ID: AC15362607
Organisation: E017 - Continuing Education Center 
Publication Type: Thesis