A framework to unify application security testing in DevOps environment

Perustieteiden korkeakoulu | Master's thesis
Date
2021-08-23
Major/Subject
Security and cloud computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
68
Abstract
In recent years, companies and organizations have increasingly integrated software security testing into the software development life cycle using DevOps practices. The current integration approach introduces multiple challenges in an information technology environment that consists of a large number of software development projects and multiple software security testing tools. This thesis aims to address these challenges by proposing a microservice-based framework to unify application security testing. The thesis first identifies the challenges, then proposes a design for a framework based on relevant literature and common characteristics of application security testing tools. The main components of the proposed framework are implemented and evaluated. The evaluation result shows that the framework offers many benefits: a more secure credential management process, reduced execution time for CI (continuous integration) pipelines, and more efficient project onboarding and management. Furthermore, the integration of the proposed framework does not introduce major security threats to the current environment.
Supervisor
Aura, Tuomas
Thesis advisor
Lehto, Jouni
Keywords
application security testing, software security, security in DevOps, microservice framework