Publication
AUTOMATED, SCHEDULED AND CI /CD WEB INJECTION
| datacite.subject.fos | Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática | pt_PT |
| dc.contributor.advisor | Gomes, Ricardo Jorge Pereira | |
| dc.contributor.author | Zhygulskyy, Mykyta | |
| dc.date.accessioned | 2021-05-17T13:06:05Z | |
| dc.date.available | 2021-05-17T13:06:05Z | |
| dc.date.issued | 2021-01-20 | |
| dc.description.abstract | This report is made within the Curricular Unit (UC) Project, in the 2nd year of the Master in Cyber-security and Forensic Informatics (MCIF) provided by the Polytechnic Institute of Leiria (IPL). The purpose of this project is to study SQL Injection vulnerabilities in web applications. According to OWASP (Open Web Application Security Project) [20][19], this is one of the more prevalent attacks on web applications. As part of this work a web application was implemented, which can from a URL address, go through all the endpoints of the target application and test for SQL Injection vulnerabilities. The application also makes allows for scheduling of the tests and it is integrable with Continuous Integration / Continuous Delivery (CI/CD) environments. According to the literature on the subject, there are several algorithms that can be employed to test for existing SQL Injection vulnerabilities in a web application. In this document, we analyze them both from a theoretical and an implementation point of view. In order to better understand the subject, and produce a useful tool in this space. With the development of this project, we concluded that it is possible to integrate SQL vulnerability tests, with CI/CD pipeline and automate the development process of an application, with the execution of SQL injection tests in an automated way. | pt_PT |
| dc.identifier.tid | 202725685 | pt_PT |
| dc.identifier.uri | http://hdl.handle.net/10400.8/5786 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | Segurança informática | pt_PT |
| dc.subject | Pirataria informática | pt_PT |
| dc.subject | Sistema de deteção de intrusão/OWASP (Open web Application Security Project) | pt_PT |
| dc.subject | CI (Continuos Integration) | pt_PT |
| dc.subject | CD (Continuos Delivery) | pt_PT |
| dc.subject | Análise forense digita | pt_PT |
| dc.title | AUTOMATED, SCHEDULED AND CI /CD WEB INJECTION | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Mestrado em Cibersegurança e Informática Forense | pt_PT |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Relatorio_vCORRIGIDA_MykytaZhygulskyy_com_correções_formais.pdf
- Size:
- 2.26 MB
- Format:
- Adobe Portable Document Format
- Description: