AUTOMATED, SCHEDULED AND CI /CD WEB INJECTION

Bibliographic details
Main author: Zhygulskyy, Mykyta
Publication date: 2021
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10400.8/5786
Abstract: This report is made within the Curricular Unit (UC) Project, in the 2nd year of the Master in Cyber-security and Forensic Informatics (MCIF) provided by the Polytechnic Institute of Leiria (IPL). The purpose of this project is to study SQL Injection vulnerabilities in web applications. According to OWASP (Open Web Application Security Project) [20][19], this is one of the more prevalent attacks on web applications. As part of this work a web application was implemented which, starting from a URL address, can go through all the endpoints of the target application and test them for SQL Injection vulnerabilities. The application also allows the tests to be scheduled, and it is integrable with Continuous Integration / Continuous Delivery (CI/CD) environments. According to the literature on the subject, there are several algorithms that can be employed to test for existing SQL Injection vulnerabilities in a web application. In this document, we analyze them both from a theoretical and an implementation point of view, in order to better understand the subject and produce a useful tool in this space. With the development of this project, we concluded that it is possible to integrate SQL injection vulnerability tests into a CI/CD pipeline and automate the development process of an application, with the SQL injection tests executed in an automated way.
Additional record details
Supervisor / contributor: Gomes, Ricardo Jorge Pereira
Subjects: Computer security; Computer hacking; Intrusion detection system / OWASP (Open Web Application Security Project); CI (Continuous Integration); CD (Continuous Delivery); Digital forensics
Scientific domain / area: Engineering and Technology :: Electrical, Electronic and Computer Engineering
Dates: 2021-01-20 (issued); 2021-05-17 (deposited in repository)
Identifiers: http://hdl.handle.net/10400.8/5786; TID:202725685
Version: published version (master's thesis)
Format: application/pdf
Access rights: open access
Repository: IC-Online (iconline.ipleiria.pt), aggregated by the Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação