Improving security of a pentesting platform through CI/CD

The primary goal of this master's project is to develop a robust testing platform specifically designed for evaluating the backend of HuntDown, a web application that allows you to automate cyberattacks. This testing platform has two main objectives: firstly, to identify potential vulnerabiliti...

Descripción completa

Detalles Bibliográficos
Autor: Reig Callis, Jordi
Tipo de recurso: tesis de maestría
Fecha de publicación:2023
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:coreano
OAI Identifier:oai:upcommons.upc.edu:2117/399696
Acceso en línea:https://hdl.handle.net/2117/399696
Access Level:acceso abierto
Palabra clave:Computer security
HuntDown
cybersecurity
CI/CD
automation
Golang
ciberseguridad
automatización
Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:The primary goal of this master's project is to develop a robust testing platform specifically designed for evaluating the backend of HuntDown, a web application that allows you to automate cyberattacks. This testing platform has two main objectives: firstly, to identify potential vulnerabilities within the backend infrastructure, and secondly, to ensure that these vulnerabilities are effectively addressed, resolved and monitored. By integrating this testing platform into the development process, the team aims to proactively detect and rectify any security issues in the backend code, thereby ensuring a robust and secure application before deployment through the implementation of Continuous Integration and Continuous Deployment (CI/CD) practices. During the research phase, the HuntDown platform was deeply investigated to fully understand its workflow while discovering vulnerabilities. Once the research has been done, an iterative approach has been adopted, where the platform was subjected to penetration testing while developing the tester in parallel, resulting in the identification several vulnerabilities, including three critical and two high severity findings. Finally, tests were developed to monitor and track these vulnerabilities using the newly integrated tester.