DevSecOps

DevSecOps – Dynamic Analysis DAST with OWASP ZAP and Jenkins.

Dynamic Application Security Testing (DAST), also called black-box testing, is a testing practice that tests a web application by executing it. As we know, in SAST the web application is tested from the inside, which does not even require the application to be running. So, when we do Dynamic Analysis, we […]

Static Analysis SAST with Jenkins Pipeline

DevSecOps – Static Analysis SAST with Jenkins Pipeline.

As part of the DevSecOps implementation in the CICD pipeline, scanning the source code and performing static analysis (SAST) is important. SAST is essentially white-box testing performed on the source code. It helps find very important vulnerabilities in the source code. Specifically, vulnerabilities defined by the OWASP Top 10 should be mitigated.

Security Testing with OWASP ZAP Proxy

OWASP ZAP – Zed Attack Proxy and its Features

OWASP ZAP (Zed Attack Proxy) is an open-source Dynamic Application Security Testing (DAST) tool. It sits between the web application and the end user and helps identify security vulnerabilities in the web application's design and architecture. As the name suggests, this is an Open Web Application Security Project (OWASP) project. ZAP is one of the successful proxy

Approaches to Automate Security Testing in CICD Pipelines

In the current approach to software application development, security is one of the concerns we should take seriously. Threats on the Internet are growing. We must secure our applications from those threats in every possible way. If we have a structured approach like DevOps for software development, it will be easy to
