Nowadays the scope of secure development and maintenance processes progressively got extended. The scene of monolithic applications and physical server farms has been mostly replaced by virtualized and container based microservice architectures, fully reforming development processes.
Besides, as the result of the affordability and high availability of cloud based services, cloud native technologies gained more space on the software development scene, which results in many advantages e.g. in terms of automation, isolation and deployment, but also a great need emerges for introducing security and audit processes.
This thesis mostly deals with environments and tools of this new generation: technologies, which gained space on the scene of cloud native development and architectures, but as with every other organically developed ecosystems – and we are mostly talking about open source softwares here – filling security holes has always been secondary. Hence why introducing appropriate education and reinventing processes became essential for maintainability.
In the scope of the creation of the thesis 5 challenges were developed on the Avatao platform and besides further research were done on a secure collaborative „Infrastructure as Code” deployment process, which resulted in a publication.