ASPM in Action: Managing Application Risk in DevSecOps
Keywords:
Application Security Posture Management (ASPM), DevSecOps, Application Risk Management
Abstract
In modern DevSecOps, managing application risk within dynamic CI/CD pipelines has become increasingly complex. The development of Application Security Posture Management (ASPM) offers a strong approach amid this chaos. This study investigates how ASPM can be integrated into modern DevSecOps processes to provide a coherent, real-time view of application security vulnerabilities. With ASPM, teams can improve visibility, correlate vulnerabilities across the application lifecycle, and prioritize their most serious concerns rather than juggling a jumble of security solutions and overly frequent alerts. The paper examines the problems that developers, security engineers, and operations teams face, including scattered tools, alert fatigue, and the continuous pressure to deliver quickly without compromising security. It highlights how ASPM systems strengthen compliance, enable automated policy enforcement, and support fast, risk-informed decision-making. Through centralized dashboards, contextual risk assessment, and more intelligent integrations with CI/CD systems, ASPM helps businesses move from reactive patching to proactive, scalable security. This article shows how ASPM can turn application security from a constraint into a tool for business success, helping both beginners and those looking to improve their risk management strategy in DevSecOps.