Evaluation of the applicability of security testing techniques in continuous integration environments
Linköping University, Department of Computer and Information Science. Linköping University, The Institute of Technology.
2015 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Agile development methodologies are becoming increasingly popular, especially in projects that develop web applications. However, incorporation of software security in lightweight approaches can be difficult. Using security testing techniques throughout a complete agile development process by running automated tests in continuous integration environments is one approach that strives to improve security in agile projects. Instead of performing security testing at the end of the development cycle, such methods enable early and continuous detection of security risks and vulnerabilities.

The purpose of this thesis is to study how existing security testing techniques operate in continuous integration environments and what level of security they can help assure. The work is a qualitative analysis of different security testing techniques and evaluates how they technically fit into a continuous integration environment as well as how they adhere to agile principles. These techniques are also analyzed with the use of OWASP Top Ten to determine which security requirements they can verify. The outcome of the analysis is that no existing security testing technique is a perfect fit for usage in continuous integration testing. Each technique has its distinct advantages and drawbacks that should be taken into consideration when choosing a technique to work with in continuous integration environments.

Place, publisher, year, edition, pages
2015. 83 p.
Keyword [en]
Security Testing, Continuous Integration, Agile Security, Automated security testing
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-113753
ISRN: LIU-IDA/LITH-EX-A--14/063--SE
OAI: oai:DiVA.org:liu-113753
DiVA: diva2:784545
External cooperation
Omegapoint AB
Subject / course
Computer and information science at the Institute of Technology
Supervisors
Examiners
Available from: 2015-02-04. Created: 2015-01-29. Last updated: 2015-02-04. Bibliographically approved.

Open Access in DiVA

fulltext (3432 kB), 742 downloads
File information
File name: FULLTEXT01.pdf
File size: 3432 kB
Checksum (SHA-512): 597145cb4de001b5743999d9b9d8f236a6aaab818c9a4822853d780ae458eac5255beb393f4a91409cdf8a1d5b9a736b328e3b4ff175e919d9e5aa33cc0629d9
Type: fulltext
Mimetype: application/pdf

Author: Thulin, Pontus