izpis_h1_title_alt

Pregled orodij za varnostno testiranje v DevOps okolju
ID KOPAČ, ŽAN (Author), ID Vavpotič, Damjan (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,01 MB)
MD5: A020AF62D924D452D23D18E54F86699D

Abstract
Pričujoče diplomsko delo predstavlja pregled orodij za varnostno testiranje spletnih aplikacij, ki jih lahko integriramo v okolje DevOps. Vključuje podrobnejši opis ter primerjavo orodij OWASP ZAP, Wapiti in Arachni. Izbrani so primerni kriteriji za medsebojno primerjavo ter izpostavljene izstopajoče prednosti in slabosti posameznega orodja. V delu je predstavljeno okolje DevOps ter različni načini, kako lahko v njem izvajamo varnostno testiranje. Opisan je tudi primer postavljenega cevovoda CI/CD z dinamičnimi varnostnimi testi za spletno aplikacijo. Namen dela je bralcu predstaviti nekaj popularnih orodij za dinamično varnostno testiranje, ki jih je mogoče vključiti v cikel DevOps. Poleg tega s primerjavo prednosti in slabosti orodij olajša izbiro, katero uporabiti v posamezni situaciji.

Language:Slovenian
Keywords:varnost, DevOps, testiranje, DAST
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2022
PID:20.500.12556/RUL-139152 This link opens in a new window
COBISS.SI-ID:120542211 This link opens in a new window
Publication date in RUL:31.08.2022
Views:790
Downloads:64
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:An overview of security testing tools in the DevOps environment
Abstract:
This thesis presents an overview of web application security testing tools that can be integrated into the DevOps cycle. It includes a detailed description and the comparison of the tools OWASP ZAP, Wapiti and Arachni. Appropriate criteria are chosen for comparison and distinguishable pros and cons of each tool are presented. The thesis presents the DevOps environment and multiple ways of including security testing. An example of a working CI/CD pipeline with dynamic security tests of a web application is described. The purpose of this thesis is to present the reader some of the popular dynamic security testing tools that can be integrated in to the DevOps cycle. Additionally, it eases the choice of tools in different situations by juxtaposing the pros and cons of each tool.

Keywords:security, DevOps, testing, DAST

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back