Web site penetration testing automation (Avtomatizacija vdornega testiranja spletnih strani)
Kerševan, Gregor (Author), Žitnik, Slavko (Mentor), Jelenc, David (Co-mentor)

PDF - Presentation file (2,38 MB)
MD5: 0E5951FB995D0B43F8E0291550B8F400

Abstract
In this work we address the problem of automated vulnerability discovery in web applications within DevSecOps processes and CI/CD pipelines. Introducing security tests into an automated process is a challenge, because some vulnerabilities are hard to find automatically or require manual intervention, such as manual penetration tests. Our approach includes implementing an agent that automatically runs security tests and analyzes the results in graphical displays. We integrated the solution into a DevOps pipeline and tested it on open-source applications. The final contribution of the thesis enables better oversight of web application security and simplifies the vulnerability discovery process for security engineers.

Language: Slovenian
Keywords: automation, devsecops, sast
Work type: Master's thesis/paper
Organization: FRI - Faculty of Computer and Information Science
Year: 2024
PID: 20.500.12556/RUL-164658
Publication date in RUL: 06.11.2024
Views: 94
Downloads: 137

Secondary language

Language: English
Title: Web site penetration testing automation
Abstract:
This work addresses the problem of automated vulnerability scanning for web applications within the context of DevSecOps processes and CI/CD pipelines. Introducing security testing into an automated process poses a challenge, as some vulnerabilities are difficult to scan automatically or require manual interventions, such as manual penetration testing. Our approach involves implementing an agent that automatically performs security tests and analyzes the results through graphical displays. The solution was integrated into a DevOps pipeline and tested on open-source applications. The final contribution of this thesis provides better oversight of web application security and simplifies the vulnerability scanning process for security engineers.

Keywords: automation, devsecops, sast
