中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/77620
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 41649642      在线人数 : 1377
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/77620


    题名: 利用容器技術建立資安測試即服務—以OWASP ZAP為例;Implementing Security Testing as a Service with OWASP ZAP
    作者: 陳麗如;Chen, Li-Ju
    贡献者: 資訊管理學系在職專班
    关键词: 測試即服務;TaaS;OWASP ZAP;Docker;資訊安全;Testing as a Service;OWASP ZAP;Docker;Security Testing;Information Security
    日期: 2018-07-23
    上传时间: 2018-08-31 14:50:06 (UTC+8)
    出版者: 國立中央大學
    摘要: 隨著 Web 在現代人生活中愈來愈重要,它的安全性也就愈應該受到重視。然而Web的改版頻率較之傳統的應用程式、或系統軟體,更為頻繁,要兼顧更新頻繁與資訊安全,就需要一個具有效率以及使用彈性的資安測試系統。雲端運算的一個重要概念,就是可以將任何東西轉為以服務的方式來提供 (as a service),而且隨選隨用、用完即還,用多少算多少。
    本論文提出一個資安測試即服務的系統 (Security Testing as a Service, STaaS) ,係利用Docker的容器技術,藉由OWASP ZAP的靜態掃描與動態分析等功能,提供資安測試服務。這個STaaS系統享有容易建立與部署、部署迅速、易於維護、與資源利用更有效率等好處。未來還可以加入自動化測試系統、與CI/CD整合,讓資訊安全也同時是軟體開發/部署流程的一個部份。;As people are more and more relying on web to get information and acquire services, the importance of web security can no longer be overstated. In the meantime, the web system is usually getting updated more often than traditional application systems. Therefore, it is more critical for web security testing to consider building a more flexible and efficient testing system in order to ensure the web security while being able to handle frequent updating cycles. One big advantage of cloud computing is to provide "anything as a service" meaning for the extensive variety of services and applications for people to access on demand and to “pay as you go”.
    This thesis aims to utilize the OS level virtualization technology provided by Docker and the powerful passive/active security scanning features provided by OSWAP ZAP, the web security testing application, to implement the Security Testing as a Service (STaaS). This STaaS system is not only quick to deploy, but also easy to maintain, and it’s even more efficient on resources utilization. In the future, STaaS can also be integrated with test automation, or CI/CD system to further embed security testing as a part of continuous development and deployment.
    显示于类别:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML206检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明