Continuous Threat Modeling and Security Validation for Agile Development Pipelines in Critical Healthcare Systems
Keywords:
Threat Modeling, Healthcare Systems, Continuous Security, Security Validation, DevSecOps, Vulnerability Mitigation
Abstract
Agile software development has become increasingly central to modern healthcare systems, offering responsiveness and adaptability. However, the rapid iteration cycles pose significant challenges for security integration, particularly in critical healthcare systems handling sensitive patient data. This paper proposes a framework for continuous threat modeling and security validation tailored for Agile pipelines.
The framework embeds automated validation tools and adaptive threat intelligence mechanisms to ensure security assurance without hindering development velocity. We validate the approach through a comparative analysis of security vulnerabilities reported in agile healthcare projects using traditional versus continuous security models. Our findings indicate a 35% reduction in critical security issues using continuous validation strategies.
License
Copyright (c) 2026 Beni Cepos (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.