AbstractsComputer Science

Evaluation of the applicability of security testing techniques in continuous integration environments

by Pontus Thulin




Institution: Linköping University
Department:
Year: 2015
Keywords: Security Testing; Continuous Integration; Agile Security; Automated security testing; Natural Sciences; Computer and Information Science; Computer Science; Naturvetenskap; Data- och informationsvetenskap; Datavetenskap (datalogi); Datavetenskap vid LiTH; Computer and information science at the Institute of Technology
Record ID: 1369372
Full text PDF: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-113753


Abstract

Agile development methodologies are becoming increasingly popular, especially in projects that develop web applications. However, incorporation of software security in lightweight approaches can be difficult. Using security testing techniques throughout a complete agile development process by running automated tests in continuous integration environments is one approach that strives to improve security in agile projects. Instead of performing security testing at the end of the development cycle, such methods enables early and continuous detection of security risks and vulnerabilities. The purpose of this thesis is to study how existing security testing techniques operate in continuous integration environments and what level of security they can help assure. The work is a qualitative analysis of dierent security testing techniques and evaluates how they technically fit into a continuous integration environment as well as how they adhere to agile principles. These techniques are also analyzed with the use of OWASP Top Ten to determine which security requirements they can verify. The outcome of the analysis is that no existing security testing technique is a perfect fit for usage in continuous integration testing. Each technique has its distinct advantages and drawbacks that should be taken into consideration when choosing a technique to work with in continuous integration environments.