DevSecOps adoption: Improving visibility in application security
Tiensuu, Tuomas (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022120927642
Abstract
For organizations to be able to build digital products that are as secure as possible for their customers, security must be implemented in every phase of the software development life cycle (SDLC). Good application security management and security improvements require good visibility of the security activities in the SDLC. This research studied visibility in application security and the factors that are important to consider when aiming to improve it.
The action research method was used in this study. The theoretical part consists of an introduction to modern software development, DevOps practices and security automation, where visibility is needed. The section also demonstrates the standards and certifications widely used in the field, as well as various activities during the secure software development lifecycle.
The primary goal of this study was to highlight the most important issues that should be considered when developing application security visibility. The secondary goal was to define the key roles in the organization that need visibility, so that software development can be performed securely and in line with best practices.
The research showed that when improving application security visibility, it is necessary to pay attention to the impact of the security findings that the visibility provides, and to how the situation can be enhanced during the entire software development life cycle. It is very important to provide visibility to the various stakeholders in the organization, so that actions can be taken to improve application security. However, the focus should be on the business impact, the most accurate situational awareness, and clear guidelines that can be used to improve application security.