Security based DevOps Strategy for Secure Software development cylce

Overview

One of the major challenges in the development of applications is to identify and remediate code vulnerabilities before the application goes live. To safeguard applications, our team introduced the DevSecOps strategy in the software development cycle that combines development, operation, and security strategy. OptiSol teamed up with a Canada-based healthcare organization for building an enterprise platform and we have incorporated the DevSecOps process where security plays a part in the production cycle. This automatic process has in turn minimized the risks of data breaches and vulnerabilities through adaption of static and dynamic code analysis .

Business Challenges

Code deployment to different environments is done manually

During deployments, there are chances of including incorrect API keys or configurations

Error prone as deployments are done manually

Security verification had to be done manually as a separate process.

Solution Overview

Pipeline created using AWS code build

Automated the process of building executable/ packages using code build

Depending on configuration executable deployed to the right environment

API Keys/accounts are configured for different environments to avoid incorrect references.

Static and dynamic security assessments are done to avoid any vulnerabilities

Code build , static code analysis, dynamic security assessment and functional testing are automated

Business Benefits

Productivity improvement as the deployment is fully automated

Every commit to the code base undergoes stringent processes defined as pipeline to improve quality

Avoidance of incorrect API keys references /configuration going in production.

Architecture Diagram

Free Consulting