91
<b>The Significance of Automating the Integration of Security and Infrastructure as Code in Software Development Life Cycle</b> Hephzibah Adaeze Igwe (19213285), 28 July 2024
<p dir="ltr">The research focuses on integrating automation, specifically security and Infrastructure as Code (IaC), into the Software Development Life Cycle (SDLC). This integration aims to enhance the efficiency, quality, and security of software development processes. The study explores the benefits and challenges associated with implementing DevSecOps practices, which combine development, security, and operations into a unified process.</p><h3>Background and Motivation</h3><p dir="ltr">The rise of new technologies and increasing demand for high-quality software have made software development a crucial aspect of business operations. The SDLC is essential for ensuring that software meets user requirements and maintains high standards of quality and security. Security, in particular, has become a critical focus due to the growing threat of cyber-attacks and data breaches. By integrating security measures early in the development process, companies can better protect their software and data.</p><h3>Objectives</h3><p dir="ltr">The primary objectives of this research are:</p><ol><li><b>Examine the Benefits and Challenges</b>: To investigate the advantages and difficulties of integrating DevSecOps and IaC within the SDLC.</li><li><b>Analyze Impact on Security and Quality</b>: To assess how automation affects the security and quality of software developed through the SDLC.</li><li><b>Develop a Framework</b>: To create a comprehensive framework for integrating DevSecOps and IaC into the SDLC, thereby improving security and reducing time to market.</li></ol><h3>Methodology</h3><p dir="ltr">The research employs a mixed-methods approach, combining qualitative and quantitative methods:</p><ul><li><b>Qualitative</b>: A literature review of existing research on DevSecOps, IaC, and SDLC, providing a theoretical foundation and context.</li><li><b>Quantitative</b>: Building a CI/CD (Continuous Integration/Continuous Deployment) pipeline from scratch to collect empirical data. 
This pipeline serves as a case study to gather insights into how automation impacts software security and quality.</li></ul><h3>Tools and Technologies</h3><p dir="ltr">The study utilizes various tools, including:</p><ul><li><b>GitHub</b>: For version control and code repository management.</li><li><b>Jenkins</b>: To automate the CI/CD pipeline, including building, testing, and deploying applications.</li><li><b>SonarQube</b>: For static code analysis, detecting code quality issues, and security vulnerabilities.</li><li><b>Amazon Q</b>: An AI-driven tool used for code generation and security scanning.</li><li><b>OWASP Dependency-Check</b>: To identify vulnerabilities in project dependencies.</li><li><b>Prometheus and Grafana</b>: For monitoring and collecting metrics.</li><li><b>Terraform</b>: For defining and deploying infrastructure components as code.</li></ul><h3>Key Findings</h3><ul><li><b>Reduction in Defect Density</b>: Automation significantly reduced defect density, indicating fewer bugs and higher code quality.</li><li><b>Increase in Code Coverage</b>: More comprehensive testing, leading to improved software reliability.</li><li><b>Reduction in MTTR, MTTD, and MTTF</b>: Enhanced system reliability and efficiency, with faster detection and resolution of issues.</li><li><b>Improved System Performance</b>: Better performance metrics, such as reduced response time and increased throughput.</li></ul><h3>Conclusion</h3><p dir="ltr">The study concludes that integrating security and IaC automation into the SDLC is crucial for improving software quality, security, and development efficiency. However, despite the clear benefits, many companies are hesitant to adopt these practices due to perceived challenges, such as the upfront investment, complexity of implementation, and concerns about ROI (Return on Investment). 
The research underscores the need for continued innovation and adaptation in software development practices to meet the evolving demands of the technological landscape.</p><h3>Areas for Further Research</h3><p dir="ltr">Future studies could explore the broader impact of automation on developer productivity, job satisfaction, and long-term security practices. There is also potential for developing advanced security analysis techniques using machine learning and artificial intelligence, as well as investigating the integration of security and compliance practices within automated SDLC frameworks.</p>
92
<strong>TOWARDS A TRANSDISCIPLINARY CYBER FORENSICS GEO-CONTEXTUALIZATION FRAMEWORK</strong> Mohammad Meraj Mirza (16635918), 04 August 2023
<p>Technological advances have a profound impact on people and the world in which they live. People use a wide range of smart devices, such as the Internet of Things (IoT), smartphones, and wearable devices, on a regular basis, all of which store and use location data. With this explosion of technology, these devices have been playing an essential role in digital forensics and crime investigations. Digital forensic professionals have become more able to acquire and assess various types of data and locations; therefore, location data has become essential for responders, practitioners, and digital investigators dealing with digital forensic cases that rely heavily on digital devices that collect data about their users. It is very beneficial and critical when performing any digital/cyber forensic investigation to consider answering the six Ws questions (i.e., who, what, when, where, why, and how) by using location data recovered from digital devices, such as where the suspect was at the time of the crime or the deviant act. Therefore, they could convict a suspect or help prove their innocence. However, many digital forensic standards, guidelines, tools, and even the National Institute of Standards and Technology (NIST) Cyber Security Personnel Framework (NICE) lack full coverage of what location data can be, how to use such data effectively, and how to perform spatial analysis. Although current digital forensic frameworks recognize the importance of location data, only a limited number of data sources (e.g., GPS) are considered sources of location in these digital forensic frameworks. Moreover, most digital forensic frameworks and tools have yet to introduce geo-contextualization techniques and spatial analysis into the digital forensic process, which may aid digital forensic investigations and provide more information for decision-making. 
As a result, significant gaps in the digital forensics community are still influenced by a lack of understanding of how to properly curate geodata. Therefore, this research was conducted to develop a transdisciplinary framework to deal with the limitations of previous work and explore opportunities to deal with geodata recovered from digital evidence by improving the way of maintaining geodata and getting the best value from them using an iPhone case study. The findings of this study demonstrated the potential value of geodata in digital disciplinary investigations when using the created transdisciplinary framework. Moreover, the findings discuss the implications for digital spatial analytical techniques and multi-intelligence domains, including location intelligence and open-source intelligence, that aid investigators and generate an exceptional understanding of device users' spatial, temporal, and spatial-temporal patterns.</p>