Building Security Guardrails into the Software Development Lifecycle

School of Science | Master's thesis
Date
2023-10-09
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
62+2
Abstract
In a rapidly evolving digital world where new application features are continuously being built, a proactive approach is essential: mitigating security vulnerabilities in software applications, enforcing security practices within developer workflows, and placing context-specific rules to maintain the security posture of the applications. Security guardrails serve as such a means, fostering the security shift-left principle and promoting a DevSecOps culture. In this thesis, research on security guardrails was conducted using the action research method. The thesis examined the need for security guardrails within organizations and the advantages of implementing them for both security and development teams. Additionally, it assessed the efficacy of the security guardrails implemented at the case company and proposed solutions to improve the process. Furthermore, the thesis analyzed the developers' point of view on security guardrails to bridge the gap and enhance collaboration between the security and development teams.
Supervisor
Aura, Tuomas
Thesis advisor
Blomberg, Vilma
Keywords
security guardrails, application security, DevSecOps, security shift-left, SDLC