
dc.rights.license: CC-BY-NC-ND
dc.contributor.advisor: Moonsamy, V.
dc.contributor.advisor: Overbeek, S.
dc.contributor.author: Ahmed, A.M.A.A.
dc.date.accessioned: 2019-02-26T18:00:22Z
dc.date.available: 2019-02-26T18:00:22Z
dc.date.issued: 2019
dc.identifier.uri: https://studenttheses.uu.nl/handle/20.500.12932/31896
dc.description.abstract: Context: Organizations have been using DevOps for several years now to enable faster delivery of software to the market. End-to-end DevOps is becoming the goal of organizations. Within this rapid development, security becomes a concern. Security has always been a separate silo that defines security requirements and demands certain security controls to approve new software code. In most cases, security is involved at a later stage when it is expensive to make changes or apply fixes. Thus, it becomes an added layer on top of the application, rather than an integrated part. Objective: The goal of the research is to integrate security concepts in the development and the operation phases of software production. This includes understanding the meaning of application security and the risks that can be mitigated during the DevOps process. Method: The main method used in this research is Design Science Research as defined by Hevner and Chatterjee. Further, the following techniques were used: systematic literature review, interview, case study and focus group. The research starts by understanding the problem and the context where this problem emerges from. For this step, a literature review and a round of interviews took place. This was followed by a design science cycle where a solution to the problem is developed and improved based on the knowledge collected in the previous step. The two created artifacts resulted from a case study. To validate the results, a focus group session was planned where experts gave their feedback on the artifacts and the final artifacts were created. The results are reported in this thesis report. Results: This research results in two main artifacts, first the impact model. This model shows the main areas that will be touched when trying to implement security within a DevOps team. The second artifact is the DevSecOps framework that illustrates what security measures can be introduced in the DevOps pipeline.
Conclusion: It is possible to include security within a DevOps team. That will require the team to learn a new set of skills and to add new tools to the pipeline. It is cheaper to patch security issues as early as possible, therefore focusing on security has to happen in the planning phase of each increment.
dc.description.sponsorship: Utrecht University
dc.format.extent: 1283630
dc.format.mimetype: application/pdf
dc.language.iso: en
dc.title: DevSecOps: Enabling Security by Design in Rapid Software Development
dc.type.content: Master Thesis
dc.rights.accessrights: Open Access
dc.subject.keywords: DevOps, DevSecOps, DevOps Security, Software Security, Application Security, Time to Market, Software Production.
dc.subject.courseuu: Business Informatics

