NORMA eResearch @NCI Library

Enhancing Web App Security in CI/CD Pipeline: A DevSecOps Framework with Open-Source Tools

Variammattu Sasi, Arjun (2024) Enhancing Web App Security in CI/CD Pipeline: A DevSecOps Framework with Open-Source Tools. Masters thesis, Dublin, National College of Ireland.


Abstract

The thesis provides a well thought-out DevSecOps framework for web applications that specifically addresses the urgent need to integrate security into the CI/CD pipeline in an unobtrusive manner. The framework automates security testing through SAST and DAST while at the same time adopting manual penetration testing approaches. Implemented on AWS platforms through the GitLab CI/CD pipeline, it simplifies security assessment and improves deployment effectiveness. This is facilitated by a major aspect of the framework: its capability to combine tool outputs, thereby enabling unified security audit report generation. Empirical evaluation and case studies demonstrate the practicality and efficacy of the proposed solution in enhancing the security posture of web applications. By developing an exhaustive approach to security testing based on tools, this thesis advances DevSecOps practices, thus filling an important void in the existing literature for developers and stakeholders with concrete takeaways.

Item Type: Thesis (Masters)
Supervisors: Pantridge, Michael (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software
T Technology > T Technology (General) > Information Technology > Computer software
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 05 Jun 2025 11:06
Last Modified: 05 Jun 2025 11:06
URI: https://norma.ncirl.ie/id/eprint/7753
