Software applications are complex and can be vulnerable to a wide variety of security problems. Company culture often places security in the final phase of the software development life cycle.
DevSecOps is focused on shifting security to the left - that is, instead of adopting an incident response system, everyone is accountable for security up front, even in the planning stages.
This paper follows that approach: a DevSecOps lifecycle is implemented that addresses continuous integration and automated security testing as part of the workflow.
In this way, security issues will be tracked to ensure early identification of any risks.
This is to demonstrate that DevSecOps merges security, development, and operations to work together and achieve a common goal by making improvements to processes, tools, and team collaborations.
In essence, DevSecOps has changed the very nature of how application security should be implemented: it refers to security built into the application itself, not to the security perimeter around it.
The SDLC lays the foundations for the different stages that software development goes through in an organization, from the beginning of its planning, starting from a requirement, until it ends once it is implemented in production.
These five stages are the planning or definition of software requirements, analysis, technical design, implementation or coding, the testing and integration phase, and deployment and maintenance.
It is a cyclical development process whose main objective is to build functional, quality software that adjusts to the customer's demands according to their needs, delivered on schedule.
Taking into account the different phases, development methodologies have been adapted to market demands, making business processes much more flexible with product deliveries in less time and adjusting to project cost estimates.
Similarly, in recent years, the number of vulnerabilities discovered has grown considerably as a result of unprecedented access to information and computing assets.
Some factors that increase the attack surface are increased virtualization (through application containers), the emergence of smart devices and IoT, and cloud computing, among others.
However, the development departments of many organizations frequently do not apply security practices, due to laziness or lack of awareness, with pretexts such as "our application is not a target for cybercriminals", "it uses the https protocol", "it is protected by a firewall", and so on.
There is a need to incorporate security, to eliminate the belief that security measures should be introduced only in the last stage of product development, and to change the culture of awareness so that security is treated as imperative from the beginning of the SDLC.
This is so because the cost of solving any security problem is higher the later it is detected.
Therefore, the adoption of security practices in the DevOps philosophy is an imperative element to guarantee the secure construction (confidentiality, availability and integrity) of the software.
With the development of this Master's Thesis, it is emphasized that incorporating security measures in the early phases of software development represents a saving in overall costs for any organization, and that security must adopt an approach of shared responsibility across all members of the IT teams: security, development and operations.
It has been shown that, using free and/or open source tools, it is possible to implement a software development life cycle (SDLC) efficiently, quickly and safely in any business environment.
It has also become clear that the implementation of task automation processes is absolutely necessary to achieve the objective of launching software applications quickly and sustainably, complying with data security standards.