A framework to unify application security testing in DevOps environment

School of Science | Master's thesis

Date

2021-08-23

Major/Subject

Security and cloud computing

Mcode

SCI3113

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

68

Abstract

In recent years, companies and organizations have increasingly integrated software security testing into the software development life cycle using DevOps practices. The current integration approach introduces multiple challenges in an information technology environment that consists of a large number of software development projects and multiple software security testing tools. This thesis aims to address these challenges by proposing a microservice-based framework to unify application security testing. The thesis first identifies the challenges, then proposes a design for a framework based on relevant literature and common characteristics of application security testing tools. The main components of the proposed framework are implemented and evaluated. The evaluation results show that the framework offers many benefits: a more secure credential management process, reduced execution time for CI (continuous integration) pipelines, and more efficient project onboarding and management. Furthermore, the integration of the proposed framework does not introduce major security threats to the current environment.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Lehto, Jouni

Keywords

application security testing, software security, security in DevOps, microservice framework
