DevOps is becoming one of the most popular software development methodologies, especially for cloud-based applications. In spite of its popularity, it is still difficult to integrate non-functional requirements, such as security, in the full application development life-cycle. In some recent works, security DevOps (or SecDevOps) has been introduced, in order to enable the adoption of Security-by-Design principles in DevOps processes. In [4], a novel SecDevOps methodology was proposed to exploit such integration, but the security assessment and testing were performed with a static approach. In this paper, we propose to extend the SecDevOps methodology with the adoption of a novel security testing technique in order to dynamically test security properties in the operational phase, too. In order to validate the proposed approach, a cloud application case study involving the WordPress software module is presented and analyzed.

A cloud secdevops methodology: From design to testing / Casola, V.; De Benedictis, A.; Rak, M.; Salzillo, G. - 1266:(2020), pp. 317-331. (Paper presented at the 13th International Conference on the Quality of Information and Communications Technology, QUATIC 2020, held in prt in 2020) [10.1007/978-3-030-58793-2_26].

A cloud secdevops methodology: From design to testing

Casola V.;De Benedictis A.;
2020

978-3-030-58792-5
978-3-030-58793-2

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/837700
Citations
  • Scopus 6