Automated security testing in DevSecOps pipelines: Integrating AI-based vulnerability discovery and compliance validation
NTS Netzwerk Telekom Service AG.
Review Article
World Journal of Advanced Research and Reviews, 2024, 22(01), 2083-2093
Publication history:
Received on 28 February 2024; revised on 27 April 2024; accepted on 29 April 2024
Abstract:
Cybersecurity threats have recently become significantly more complex and frequent, making classical approaches to security inadequate for safeguarding modern, agile software environments. This paper explores the role of automated security testing in DevSecOps pipelines, focusing on how artificial intelligence (AI) can be leveraged to identify vulnerabilities and verify compliance. It describes the growing necessity of automation given the constraints of manual testing, the scalability limits of established tools, and the expanding regulatory environment. The key elements, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST), are evaluated, as are automated compliance processes aligned with GDPR, HIPAA, OWASP, and NIST requirements. The paper argues that AI-based solutions can not only improve the quality of threat intelligence and reduce false positives but also enable proactive security. Implementation best practices are discussed, along with challenges including tool accuracy, integration friction, ethical issues, and skill shortages. The paper concludes with a discussion of future trends in AI-enhanced DevSecOps: explainable security, policy-as-code, decentralized compliance models, and intelligent orchestration platforms.
Keywords:
DevSecOps; Automated Security Testing; AI-based Vulnerability Discovery; Compliance Validation; Static Analysis (SAST); Dynamic Analysis (DAST); Interactive Testing (IAST)
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
