Enhancing and integration of security testing in the development of a microservices environment
Orazi, Gabriele (2020-10-28)
Enhancing and integration of security testing in the development of a microservices environment
Orazi, Gabriele
(28.10.2020)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2020110689615
https://urn.fi/URN:NBN:fi-fe2020110689615
Tiivistelmä
In the last decade, web application development is moving toward the adoption of Service-Oriented Architecture (SOA). Accordingly to this trend, Software as a Service (SaaS) and Serverless providers are embracing DevOps with the latest tools to facilitate the creation, maintenance and scalability of microservices system configuration.
Even if within this trend, security is still an open point that is too often underestimated. Many companies are still thinking about security as a set of controls that have to be checked before the software is used in production. In reality, security needs to be taken into account all along the entire Software Development Lifecycle (SDL).
In this thesis, state of the art security recommendations for microservice architecture are reviewed, and useful improvements are given. The main target is for secure to become integrated better into a company workflow, increasing security awareness and simplifying the integration of security measures throughout the SDL.
With this background, best practices and recommendations are compared with what companies are currently doing in securing their service-oriented infrastructures. The assumption that there still is much ground to cover security-wise still standing. Lastly, a small case study is presented and used as proof of how small and dynamic startups can be the front runners of high cybersecurity standards. The results of the analysis show that it is easier to integrate up-to-date security measures in a small company.
Even if within this trend, security is still an open point that is too often underestimated. Many companies are still thinking about security as a set of controls that have to be checked before the software is used in production. In reality, security needs to be taken into account all along the entire Software Development Lifecycle (SDL).
In this thesis, state of the art security recommendations for microservice architecture are reviewed, and useful improvements are given. The main target is for secure to become integrated better into a company workflow, increasing security awareness and simplifying the integration of security measures throughout the SDL.
With this background, best practices and recommendations are compared with what companies are currently doing in securing their service-oriented infrastructures. The assumption that there still is much ground to cover security-wise still standing. Lastly, a small case study is presented and used as proof of how small and dynamic startups can be the front runners of high cybersecurity standards. The results of the analysis show that it is easier to integrate up-to-date security measures in a small company.