Improving security of a pentesting platform through CI/CD
The primary goal of this master's project is to develop a robust testing platform specifically designed for evaluating the backend of HuntDown, a web application that allows you to automate cyberattacks. This testing platform has two main objectives: firstly, to identify potential vulnerabiliti...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2023 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | coreano |
| OAI Identifier: | oai:upcommons.upc.edu:2117/399696 |
| Acceso en línea: | https://hdl.handle.net/2117/399696 |
| Access Level: | acceso abierto |
| Palabra clave: | Computer security HuntDown cybersecurity CI/CD automation Golang ciberseguridad automatización Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | The primary goal of this master's project is to develop a robust testing platform specifically designed for evaluating the backend of HuntDown, a web application that allows you to automate cyberattacks. This testing platform has two main objectives: firstly, to identify potential vulnerabilities within the backend infrastructure, and secondly, to ensure that these vulnerabilities are effectively addressed, resolved and monitored. By integrating this testing platform into the development process, the team aims to proactively detect and rectify any security issues in the backend code, thereby ensuring a robust and secure application before deployment through the implementation of Continuous Integration and Continuous Deployment (CI/CD) practices. During the research phase, the HuntDown platform was deeply investigated to fully understand its workflow while discovering vulnerabilities. Once the research has been done, an iterative approach has been adopted, where the platform was subjected to penetration testing while developing the tester in parallel, resulting in the identification several vulnerabilities, including three critical and two high severity findings. Finally, tests were developed to monitor and track these vulnerabilities using the newly integrated tester. |
|---|