
Development of a web application for security testing training and support for vulnerability tools

Angelo Russi

Development of a web application for security testing training and support for vulnerability tools.

Supervisor: Paolo Garza. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2021


This document reports the work carried out during the six-month internship in the Security Testing Team (STT) at SAP Labs France. The project is related to research and development of training SAP products. Nowadays, improving every employee's knowledge of cyber-security is fundamental to ensuring a secure working environment. The STT mainly deals with organizing conferences about security, in particular to raise awareness of the use of static and dynamic tools in the software development pipeline. During these events, attendees participate in theoretical and practical learning sessions, where they become acquainted with tools such as Fortify, Checkmarx, DASTer and Coverity. Training preparation typically requires organizing the participants, creating the virtual machines and arranging the training material. In order to minimize the manual effort and supply a more effective training management system, a web application, namely the Auto Training Manager (ATMan), was developed. Moreover, because of the COVID-19 pandemic, virtual training sessions became more and more relevant, requiring the creation of an e-Learning platform. The ADAPT e-Learning platform was chosen to host SAP courses and trainings for employees.

The first part of this Thesis reports:
- The improvements to the existing platform, such as clarification of the credentials management system, which is in charge of assigning virtual machines and login items to the training participants.
- The software engineering process behind the development of the new application modules in charge of the integration between ATMan and the ADAPT e-Learning platform.

The second part of this Thesis reports individual research assignments and development tasks related to other security tools. In particular, the focus is on the detection of insecure patterns inside mobile applications. Finally, an outline of some non-technical tasks performed is presented. It covers the testing and updating of learning material for security testing, as well as the interaction with and support provided to trainers and trainees during the virtual training sessions.

Supervisors: Paolo Garza
Academic year: 2020/21
Publication type: Electronic
Number of Pages: 62
Additional Information: Restricted thesis. Full text not available
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Joint supervision institution: TELECOM ParisTech - EURECOM (FRANCE)
Collaborating companies: SAP Labs France
URI: http://webthesis.biblio.polito.it/id/eprint/18193