USE OF DEVSECOPS APPROACH FOR INFORMATION SECURITY THREATS ANALYSIS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2021.14.2635

Keywords:

DevSecOps; security; information; threats; SaaS; SAST; DAST

Abstract

This article presents a study of the use of the DevSecOps approach to analyze modern threats and defines a methodology for implementing and adapting that approach. DevSecOps is presented here as an approach to the culture of developing, automating and designing an information platform that integrates security as a shared responsibility throughout the software development lifecycle (SDLC). The approach described in this article helps to solve the problem of implementing security controls in the software development process. It allows organizations to continually integrate security into the SDLC so that DevOps teams can quickly and efficiently develop secure applications. The article investigates the possibility of implementing security at the early stages of the software development workflow, since this makes it possible to identify and eliminate security vulnerabilities faster. This concept is part of the "shift left" that moves security testing to developers, allowing them to fix security issues in their code almost in real time rather than waiting until the end of the SDLC, where security has been embedded in traditional development environments. The article describes the DevSecOps approach as business processes that minimize the risks associated with modern threats and zero-day vulnerabilities. SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and SCA (Software Composition Analysis) were used to assess the possibilities of using these technologies to optimize the process of secure software development. The DevSecOps process is presented for organizations that can easily integrate security into their existing practices of continuous integration and continuous delivery (CI/CD).
The DevSecOps process in this article covers the entire SDLC from planning and design to coding, testing, and release, with continuous real-time feedback, and the article defines technical controls for the DevSecOps process in accordance with ISO 27001/02 and NIST standards.

Published

2021-12-30

How to Cite

Susukailo, V. (2021). USE OF DEVSECOPS APPROACH FOR INFORMATION SECURITY THREATS ANALYSIS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(14), 26–35. https://doi.org/10.28925/2663-4023.2021.14.2635