liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Evaluation of the applicability of security testing techniques in continuous integration environments
Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Agile development methodologies are becoming increasingly popular, especially in projects that develop web applications. However, incorporation of software security in lightweight approaches can be difficult. Using security testing techniques throughout a complete agile development process by running automated tests in continuous integration environments is one approach that strives to improve security in agile projects. Instead of performing security testing at the end of the development cycle, such methods enables early and continuous detection of security risks and vulnerabilities.

The purpose of this thesis is to study how existing security testing techniques operate in continuous integration environments and what level of security they can help assure. The work is a qualitative analysis of dierent security testing techniques and evaluates how they technically fit into a continuous integration environment as well as how they adhere to agile principles. These techniques are also analyzed with the use of OWASP Top Ten to determine which security requirements they can verify. The outcome of the analysis is that no existing security testing technique is a perfect fit for usage in continuous integration testing. Each technique has its distinct advantages and drawbacks that should be taken into consideration when choosing a technique to work with in continuous integration environments. 

Place, publisher, year, edition, pages
2015. , 83 p.
Keyword [en]
Security Testing, Continuous Integration, Agile Security, Automated security testing
National Category
Computer Science
URN: urn:nbn:se:liu:diva-113753ISRN: LIU-IDA/LITH-EX-A--14/063--SEOAI: diva2:784545
External cooperation
Omegapoint AB
Subject / course
Computer and information science at the Institute of Technology
Available from: 2015-02-04 Created: 2015-01-29 Last updated: 2015-02-04Bibliographically approved

Open Access in DiVA

fulltext(3432 kB)553 downloads
File information
File name FULLTEXT01.pdfFile size 3432 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Thulin, Pontus
By organisation
Department of Computer and Information ScienceThe Institute of Technology
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 553 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 700 hits
ReferencesLink to record
Permanent link

Direct link