Combining static and dynamic testing for improved security
2022 (English) Independent thesis Basic level (university diploma), 10 credits / 15 HE credits
Student thesis
Abstract [en]
This thesis has been done in collaboration between Siyabend Revend, Luleå’s University of Technology and the fin-tech company Scila. Scila’s proposal for this thesis was to improve their continuous environment in terms of static and dynamic tests.
Using different testing tools and techniques to improve the quality of code and minimize security threats is one way to assure that your code stays clean and secure. With so many tools to use, which tools should be used and what different vulnerabilities can be detected? In addition, during which stage/stages would it be more beneficial to test your application?
This thesis explores a few security testing tools and techniques that have been implemented into a configured GitLab continuous integration (CI) pipeline. The purpose is to improve the security of Scila’s source code by detecting different security threats and bug smells, with automated application security testing.
The Static Application Security Testing (SAST) implementation was a success. The Dynamic Application Security Testing (DAST) implementation remains incomplete due to a few technical barriers and the short amount of time available for this thesis.
Place, publisher, year, edition, pages
2022. p. 36
Keywords [en]
software development, continuous integration environment, continuous integration pipeline, Static Application Security Testing, Dynamic Application Security Testing
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:ltu:diva-92291
OAI: oai:DiVA.org:ltu-92291
DiVA, id: diva2:1684869
External cooperation
Scila
Educational program
Computer Engineering, bachelor's level
Supervisors
Examiners
2022-07-29, 2022-07-28, 2022-07-29. Bibliographically approved