A cloud SecDevOps methodology: From design to testing
Rak M.;
2020
Abstract
DevOps is becoming one of the most popular software development methodologies, especially for cloud-based applications. In spite of its popularity, it is still difficult to integrate non-functional requirements, such as security, in the full application development life-cycle. In some recent works, security DevOps (or SecDevOps) has been introduced, in order to enable the adoption of Security-by-Design principles in DevOps processes. In [4], a novel SecDevOps methodology was proposed to exploit such integration, but the security assessment and testing were performed with a static approach. In this paper, we propose to extend the SecDevOps methodology with the adoption of a novel security testing technique in order to dynamically test security properties in the operational phase, too. In order to validate the proposed approach, a cloud application case study involving the WordPress software module is presented and analyzed.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.