Week 6: Scientific Paper Proposal (#2547)
* Create dvavd-muhammad1928

* Delete contributions/presentation/week3/dvavd-muhammad1928

* Create README.md for presentation

* Rename folder from dvavd-muhammad1928 to streuli-mnem

* update according to discussion in PR: highlight flyway as a tool for database versioning.

* Update contributions/presentation/week3/streuli-mnem/README.md

Thanks!

Co-authored-by: Aman Sharma <[email protected]>

* add proposal for feedback

* adjust deadline

* add team member

* add readme for task proposal

* add readme for task demo

* add break

* doc: fix the task category

* remove readme

* Update contributions/scientific-paper/week6/streuli-prerna/README.md

Co-authored-by: Aman Sharma <[email protected]>

* add description of SAST and DAST

---------

Co-authored-by: David Streuli <[email protected]>
Co-authored-by: Aman Sharma <[email protected]>
Co-authored-by: DavidCWQ <[email protected]>
4 people authored Sep 29, 2024
1 parent 7645b29 commit 0e42884
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions contributions/scientific-paper/week6/streuli-prerna/README.md
@@ -0,0 +1,27 @@
# Assignment Proposal

## Title

Implementing and Automating Security Scanning to
a DevSecOps CI/CD Pipeline

## Names and KTH ID

- Prerna Gupta ([email protected])
- David Streuli ([email protected])

## Deadline

- Week 6

## Category

- Scientific paper

## Description

The paper explores the automation of security scanning focusing on containerised applications. The paper explores the application of Static Application Security Testing (SAST) and Dynmaic Application Security Testing (DAST) to enhance security. SAST is a static analysis technique while DAST tests the application at runtime and does not need to have access to the source code. We'll explain how integrating corresponding tools improves the security of containerized applications by finding vulnerabilities soon and automating their removal from the CI/CD process, the effectiveness of deploying and automating security scanning in DevSecOps pipeline with Snyk and StackHawk tools and methodologies used for detecting vulnerabilities.We conclude the presentation with future scope. The paper can be found here: https://ieeexplore.ieee.org/abstract/document/10235015

**Relevance**

In this paper, a DevSecOps CI/CD pipeline integrated dynamic security testing strategy to address the special requirements of securing containerised applications. The model features early vulnerability detection and push left practices with automated remediation using tools such as Snyk for Static Application Security Testing (SAST) and StackHawk for Dynamic Application Security Testing (DAST), all during the software development lifecycle (SDLC).
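Review bot: the Description and Relevance paragraphs need a proofreading pass and a sharper statement of what SAST and DAST actually do, since the added text summarises the paper's method. "Dynmaic Application Security Testing" should be "Dynamic Application Security Testing", and "the CI/CD process.We conclude" is missing a space. "SAST is a static analysis technique" only restates the acronym; say instead that SAST analyses source code or build artifacts without executing the application, whereas DAST exercises the running application (here the deployed container) and therefore needs no source access, which is the contrast the paper relies on. "finding vulnerabilities soon" reads better as "finding vulnerabilities early". In the Relevance section, "a DevSecOps CI/CD pipeline integrated dynamic security testing strategy" is not a complete sentence; consider "the paper integrates a dynamic security testing strategy into a DevSecOps CI/CD pipeline", and "push left practices" should be "shift-left practices", the usual term for moving security checks earlier in the SDLC.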
