Jenkins Continuous Integration Cookbook by Alan Berg

Testing for OWASP's top ten security issues

This recipe details the automatic testing of Jenkins for well-known security issues with w3af, a penetration testing tool from the Open Web Application Security Project (OWASP, http://w3af.sourceforge.net). The purpose of OWASP is to make application security visible. The OWASP top ten list of insecurities includes:

  • A2-Cross Site Scripting (XSS): An XSS attack can occur when an application returns unescaped input to a client's browser. By default, the Jenkins administrator can do this through the Job description.
  • A6-Security Misconfiguration: A Jenkins plugin gives you the power to write custom authentication scripts. It is easy to get the scripts wrong by misconfiguration.
  • A7-Insecure Cryptographic ...
