TIM-8340 v2

Sakthivel, M., Sivanantham, S., Bharathiraja, N., Krishna, N. B., Kamalraj, R., & Kumar, V. S. (2024). Ensuring web application security: An owasp driven development methodology. 2024 International Conference on Knowledge Engineering and Communication Systems (ICKECS), 1, 1–7.
The authors discussed strategies to minimize software vulnerabilities.

Patil, S., Rao, M., Misal, L., Phaldesai, D., & Shivsharan, K. (2023). A review of the owasp top 10 web application security risks and best practices for mitigating these risks. 2023 7th International Conference on Computing, Communication, Control and Automation (ICCUBEA), 1–8.
The authors present a review of the top 10 OWASP security risks and best practices to mitigate.

Thapa, B. (2023). Cybersecurity: Secure code with code auditing. https://www.theseus.fi/handle/10024/804888
In this paper, the authors discuss how code auditing can assist with secure code development.

Singh, R., Kumar Gupta, M., Patil, D. R., & Maruti Patil, S. (2024). Analysis of web application vulnerabilities using dynamic application security testing. 2024 IEEE 9th International Conference for Convergence in Technology (I2CT), Convergence in Technology (I2CT), 2024 IEEE 9th International Conference For, 1–6. https://doi.org/10.1109/I2CT61223.2024.10543484
This study highlights Dynamic Application Security Testing (DAST) as a vital real-time method for identifying vulnerabilities, offering actionable insights to enhance application cybersecurity in practice.

Zhou, X., Tran, D.-M., Le-Cong, T., Zhang, T., Irsan, I. C., Sumarlin, J., Le, B., & Lo, D. (2024). Comparison of static application security testing tools and large language models for repo-level vulnerability detection. arXiv preprint arXiv:2407.16235.
This study compares 15 SAST tools with 12 open-source LLMs across Java, C, and Python repositories. Findings indicate that while SAST tools have lower false positives, they detect fewer vulnerabilities compared to LLMs. Combining both approaches can enhance detection accuracy.

Lombardi, F., & Fanton, A. (2023). From DevOps to DevSecOps is Not Enough. CyberDevOps: An extreme shifting-left architecture to bring cybersecurity within software security lifecycle pipeline. Software Quality Journal, 31(2), 619–654. https://doi.org/10.1007/s11219-023-09619-3
This paper discusses DevOps and DevSecOps, while introducing a new model called CyberDevOps.

Cheenepalli, J., Hastings, J. D., Ahmed, K. M., & Fenner, C. (2025). Advancing devsecops in smes: challenges and best practices for secure ci/cd pipelines. arXiv preprint arXiv:2503.22612.
This study examines how small and medium-sized enterprises (SMEs) are adopting DevSecOps, using a mixed-methods approach informed by the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory.

Wen-Tin Lee & Zhun-Wei Liu. (2023). Microservices-based DevSecOps platform using pipeline and open-source software. Journal of Information Science & Engineering, 39(5), 1117–1128. https://doi.org/10.6688/JISE.202309_39(5).0007
In this paper, the authors delve into DevSecOps in microservices.

Khandebharad, A. (2022). Migration from DevOps to DevSecOps: A complete migration framework, challenges, and evaluation. International Journal of Cloud Applications and Computing (IJCAC), 12(1). https://doi.org/10.4018/IJCAC.2022010102
The authors identify the requirements for prioritizing security in DevOps.

Chung, J. (2024). DevSecOps metrics, benefits, and improvements [PhD Thesis, National University].
The author proposes a set of DevSecOps metrics, benefits, and improvements in this thesis.