Building Security Guardrails into the Software Development Lifecycle

School of Science | Master's thesis

Mcode

SCI3113

Language

en

Pages

62+2

Abstract

In a rapidly evolving digital world where new application features are continuously being built, it is essential to take a proactive approach to mitigating security vulnerabilities in software applications, enforcing security practices within developer workflows, and placing context-specific rules to maintain the security posture of the applications. Security guardrails serve as a means to do this, fostering the security shift-left principle and promoting a DevSecOps culture. In this thesis, research on security guardrails was conducted using the action research method. The thesis examined the need for security guardrails within organizations and the advantages of implementing them for both security and development teams. Additionally, it assessed the efficacy of the security guardrails implemented at the case company and proposed solutions to improve the process. Furthermore, the thesis analyzed the developers' point of view on security guardrails to bridge the gap and enhance collaboration between the security and development teams.

Supervisor

Aura, Tuomas

Thesis advisor

Blomberg, Vilma
