File: Adobe PDF, 2.26 MB
Abstract
This report was produced within the Curricular Unit (UC) Project, in the 2nd year of
the Master in Cyber-security and Forensic Informatics (MCIF) provided by the
Polytechnic Institute of Leiria (IPL). The purpose of this project is to study SQL
Injection vulnerabilities in web applications. According to OWASP (Open Web
Application Security Project) [20][19], this is one of the more prevalent attacks on
web applications. As part of this work a web application was implemented which,
starting from a URL address, goes through all the endpoints of the target application
and tests them for SQL Injection vulnerabilities. The application also allows the
tests to be scheduled and can be integrated into Continuous Integration / Continuous
Delivery (CI/CD) environments. According to the literature on the subject, there
are several algorithms that can be employed to test for existing SQL Injection
vulnerabilities in a web application. In this document, we analyze them from both
a theoretical and an implementation point of view, in order to better understand
the subject and produce a useful tool in this space. With the development of this
project, we concluded that it is possible to integrate SQL Injection vulnerability
tests into a CI/CD pipeline, so that the development process of an application
includes the execution of SQL Injection tests in an automated way.
Keywords
Computer security; Computer hacking; Intrusion detection system; OWASP (Open Web Application Security Project); CI (Continuous Integration); CD (Continuous Delivery); Digital forensics