Devsecops for continuous security in trading software application development: a systematic literature review.

Abstract

This systematic literature review examined the implementation of DevSecOps for continuous security in financial trading software application development. This review identifies key strategies and security frameworks, analyses cybersecurity threats specific to trading applications, explores secure coding practices, and discusses the transition from DevOps to DevSecOps, focusing on security. A comprehensive search was conducted across multiple databases up to July 9, 2024. The study aimed to identify best practices for integrating security into every phase of the software development process, from initial design to deployment and maintenance. This included automated security testing, continuous monitoring, and incident response strategies tailored for financial trading platforms. The review also delved into the challenges faced by developers in the financial sector, such as compliance with stringent regulatory requirements and the need to protect highly sensitive financial data. Furthermore, it evaluated the effectiveness of current security frameworks in mitigating risks associated with trading software, including common vulnerabilities and attack vectors. The study had limitations, including the exclusive consideration of the most recent threats, potentially overlooking relevant historical data. Additionally, the focus on financial trading applications may limit the generalizability of the findings to other domains. Despite these limitations, the results highlighted the critical importance of incorporating DevSecOps concepts into software development processes to enhance the security and resilience of financial trading systems in an increasingly hostile cyber environment. This research underscores the need for continuous adaptation and improvement in security practices to keep up with evolving threats.