Enabling Gitlab DAST for Dynamic Application Security Testing


Learn how to enable Gitlab's Dynamic Application Security Testing (DAST) to test applications for vulnerabilities, using OWASP Zed Attack Proxy (ZAP) and different scanning modes. Understand the process from environment creation to specific configurations for Passive and Active testing modes.

  • Gitlab
  • DAST
  • Security Testing
  • Vulnerabilities
  • OWASP




Presentation Transcript


  1. Enabling Gitlab to use DAST to test NBI. Eduardo Sousa, Mark Beierl (Canonical)

  2. What is DAST? Dynamic Application Security Testing (DAST) examines deployed applications for vulnerabilities. These can range from misconfiguration of the web server to incorrect assumptions made in the code. Gitlab uses a widely known tool for this: OWASP Zed Attack Proxy (ZAP).

  3. DAST Modes in Gitlab. Passive scan: Gitlab executes a Baseline Scan with predefined tests; it doesn't attack the application. Passive and Active scan: it scans OSM and tries to actively attack it; can be configured to be more complete and thorough.

  4. Objective. 1. Enable DAST in Gitlab in Passive mode for NBI and NG-UI. 2. Analyze the results. 3. Create specific configurations for both components to perform the tests in Passive and Active mode.

  5. Specific Steps. Create an environment where OSM can be deployed (CD); decouple the execution of tests from the OSM deployment; create a DAST job to test the deployed OSM, addressed by IP address or by a specific hostname in the Ingress.
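The pipeline layout described in slides 3 and 5 (a deployment job, a separate DAST stage pointed at the deployed OSM by hostname, and a passive versus a passive-plus-active configuration) as an added `.gitlab-ci.yml` example. This is not code from the presentation or from the OSM project: the deploy job body, the job and stage names, and the hostnames nbi.osm.example and ng-ui.osm.example are placeholders; `Security/DAST.gitlab-ci.yml` is the template GitLab ships, and `DAST_WEBSITE`, `DAST_FULL_SCAN_ENABLED` and `DAST_EXCLUDE_URLS` are GitLab's documented DAST variables.

```yaml
# Added example (not part of the presentation or the OSM project).
# Placeholders: the deploy job body, the stage and job names, and the
# hostnames nbi.osm.example / ng-ui.osm.example are invented.
# DAST_WEBSITE, DAST_FULL_SCAN_ENABLED and DAST_EXCLUDE_URLS are GitLab's
# documented DAST variables; Security/DAST.gitlab-ci.yml is GitLab's template.

stages:
  - deploy
  - dast

include:
  - template: Security/DAST.gitlab-ci.yml

# Continuous deployment of OSM into a test environment. The scan jobs
# below only depend on this job finishing; they do not run inside it,
# which keeps test execution decoupled from the deployment itself.
deploy_osm:
  stage: deploy
  script:
    - ./deploy-osm.sh    # placeholder for the real deployment command
  environment:
    name: dast-test
    url: https://nbi.osm.example

# Passive (baseline) scan of NBI: ZAP spiders the site and only inspects
# the responses it receives. Runs on every pipeline.
dast:
  stage: dast
  needs: ["deploy_osm"]
  variables:
    DAST_WEBSITE: https://nbi.osm.example      # Ingress hostname (or an IP)
    DAST_FULL_SCAN_ENABLED: "false"
    # keep the spider away from the logout endpoint so it does not end
    # its own session halfway through the crawl
    DAST_EXCLUDE_URLS: https://nbi.osm.example/logout

# Passive + active scan of NG-UI: same template job, but with the full scan
# enabled so ZAP also runs its active checks against the deployed UI.
# Longer and noisier than the baseline, so it is triggered manually (or from
# a scheduled pipeline) instead of on every push.
dast_ng_ui_active:
  extends: dast
  variables:
    DAST_WEBSITE: https://ng-ui.osm.example
    DAST_FULL_SCAN_ENABLED: "true"
  rules:
    - when: manual
```

The only difference between the two modes from slide 3 is `DAST_FULL_SCAN_ENABLED`: `"false"` keeps the template's baseline scan, `"true"` switches ZAP to the full scan. Both jobs inherit the template's `dast` report artifact, so the findings for NBI and NG-UI show up in the merge request and the project's vulnerability report without any extra upload step.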

  6. Thank you!
