Software Engineering Institute

This poster was presented at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.

The DevSecOps process focuses on security in the software development lifecycle and integrates code development with operations and security in an iterated process throughout that cycle. This talk (or poster) explains an authoritative reference model for DevSecOps, the Platform Independent Model (PIM). The presentation then applies the PIM to supporting development and operation of network traffic analysis tools. In addition, the presentation discusses incorporating network traffic analysis methods to address security concerns within the DevSecOps process including both observation of development log and traffic information and evaluation of the products in operation.

The audience will gain an understanding of the DevSecOps pipeline together with potential contributions to network traffic analysis and also to identification of security issues, such as code insertion or exfiltration, using network traffic analysis methods on the log and traffic information collected throughout the DevSecOps cycles.