Building Security Guardrails into the Software Development Lifecycle
School of Science | Master's thesis
Security and Cloud Computing
Master’s Programme in Security and Cloud Computing (SECCLO)
Abstract
In a rapidly evolving digital world where new application features are continuously being built, it is essential to take a proactive approach to mitigating security vulnerabilities in software applications, enforcing security practices within developer workflows, and placing context-specific rules to maintain the security posture of the applications. Security guardrails serve as a means to this end, fostering the security shift-left principle and promoting a DevSecOps culture. In this thesis, research on security guardrails was conducted using the action research method. The thesis examined the need for security guardrails within organizations and the advantages of implementing them for both security and development teams. Additionally, it assessed the efficacy of the security guardrails implemented at the case company and proposed solutions to improve the process. Furthermore, the thesis analyzed the developers' point of view on security guardrails in order to bridge the gap and enhance collaboration between the security and development teams.
Thesis advisor: Blomberg, Vilma
security guardrails, application security, DevSecOps, security shift-left, SDLC