Automated Security Testing Utilizing Continuous Integration and Continuous Delivery Technologies
Koskela, Pyry (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2021052812347
https://urn.fi/URN:NBN:fi:amk-2021052812347
Tiivistelmä
The circumstances of the year 2020 created a need for pushing everything and everyone online. To adapt to the situation at the required pace, the swift transition of existing systems and workflows from physical to digital was inevitable. However, the rapid development of new services resulted in the infrastructure not cutting the mustard in terms of information security and cybersecurity.
The objective was to develop and implement a security testing construct to secure the Client’s expanding server and service infrastructure. The requirements specified for the security testing system were the ability to automate the testing implementation and adapt it to the Client’s agile development workflow while making it as cost-efficient as possible.
The solution consisted of a containerized vulnerability assessment framework deployed into a dedicated server, designing and developing a CLI (Command-Line Interface) tool for remote interaction, and hooking the Client’s CI/CD pipeline with the security testing service.
As an outcome of this constructive research approach, the Client’s infrastructure includes a security testing service regularly scanning the servers against weaknesses with an ever-growing number of vulnerability tests.
The objective was achieved, and the solution provides a solid base for the Client’s security testing. To further improve the reliability of the system, additional scanning tools could be implemented to run alongside.
The objective was to develop and implement a security testing construct to secure the Client’s expanding server and service infrastructure. The requirements specified for the security testing system were the ability to automate the testing implementation and adapt it to the Client’s agile development workflow while making it as cost-efficient as possible.
The solution consisted of a containerized vulnerability assessment framework deployed into a dedicated server, designing and developing a CLI (Command-Line Interface) tool for remote interaction, and hooking the Client’s CI/CD pipeline with the security testing service.
As an outcome of this constructive research approach, the Client’s infrastructure includes a security testing service regularly scanning the servers against weaknesses with an ever-growing number of vulnerability tests.
The objective was achieved, and the solution provides a solid base for the Client’s security testing. To further improve the reliability of the system, additional scanning tools could be implemented to run alongside.