Security Assurance in DevOps Methodologies and Related Environments

Authors

  • Grzegorz Siewruk Warsaw University of Technology Orange Poland
  • Wojciech Mazurczyk Warsaw University of Technology
  • Andrzej Karpiński Orange Poland

Abstract

The biggest software development companies conduct daily more than hundreds deployments which influence currently operating IT (Information Technology) systems. This is possible due to the availability of automatic mechanisms which are providing their functional testing and later applications deployment. Unfortunately, nowadays, there are no tools or even a set of good practices related to the problem on how to include IT security issues into the whole production and deployment processes. This paper describes how to deal with this problem in the large mobile telecommunication operator environment. 

References

Abubaker Wahaballa, O. W. Toward unified DevOps model . 2015 6th IEEE International Conference on Software Engineering and Service Science (ICSESS).

Adnan Masood, J. J. Static analysis for web service security - Tools & techniques for a secure development life cycle. 2015 IEEE International Symposium on Technologies for Homeland Security (HST).

Center for Internet Security. Pobrano z lokalizacji https://www.cisecurity.org/cis-benchmarks/

Chirag Doshi, D. D. A Peek into an Agile Infected Culture . 2009 Agile Conference.

Daniel Stahl, K. H. Continuous Integration and Delivery Traceability in Industry: Needs and Practices . 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA).

Gordon, A. The Hybrid Cloud Security Professional. IEEE Cloud Computing ( Volume: 3, Issue: 1, Jan.-Feb. 2016 ) .

H. Drucker, Donghui Wu, V.N. Vapnik, Support vector machines for spam categorization, IEEE Transactions on Neural Networks ( Volume: 10 , Issue: 5 , Sep 1999 )

Hongchen Gui, Qiliang Liang, Zhiqiang Li, An improved AD-LDA topic model based on weighted Gibbs sampling, 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)

Ionel Gordin, A. G. Security Assessment of OpenStack cloud using outside and inside software tools. 14th International Conference on DEVELOPMENT AND APPLICATION SYSTEMS, Suceava, Romania, May 24-26, 2018.

Lindita Nebiu Hyseni, A. I. Comparison of the cloud computing platforms provided by Amazon and Google . 2017 Computing Conference.

Marco Anisetti, C. A. A Security Benchmark for OpenStack. 2017 IEEE 10th International Conference on Cloud Computing.

Nishant Kumar Singh, S. T. Automated provisioning of application in IAAS cloud using Ansible configuration management . 2015 1st International Conference on Next Generation Computing Technologies (NGCT).

OWASP. Pobrano z lokalizacji https://www.owasp.org/index.php/Main_Page

P. P. W. Pathirathna, V. A. Security testing as a service with docker containerization . 2017 11th International Conference on Software, Knowledge, Information Management and Applications (SKIMA).

Shruti Kapil, Meenu Chawla, Mohd Dilshad Ansari, On K-means data clustering algorithm with genetic algorithm, 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC)

Shubham Awasthi, A. P. Openstack-paradigm shift to open source cloud computing & its integration . 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I).

Turki Alharkan, P. M. IDSaaS: Intrusion Detection System as a Service in Public Clouds. 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

Wu Qianqian, L. X. Research and design on Web application vulnerability scanning service . 2014 IEEE 5th International Conference on Software Engineering and Service Science.

Xuexiu Chen, C. C. A Cloud Security Assessment System Based on Classifying and Grading. IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIET Y.

Yasuharu Katsuno, A. K. Security, Compliance, and Agile Deployment of Personal Identifiable Information Solutions on a Public Cloud. 2016 IEEE 9th International Conference on Cloud Computing.

Ziqiang Zhou, C. S. Research and Implementation of Mobile Application Security Detection Combining Static and Dynamic. 2018 10th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA).

Downloads

Published

2024-04-19

Issue

Section

Cryptography and Cybersecurity