Hi Pavithra, You can use WSO2 Integration Cloud[1] as the cloud service provider for your project[2].
For implementing *Cloud based security testing service *you can try out [1] docker image. My recommendation is to play with it locally and create your own docker image and deploy as a cloud service in Integration Cloud [1] later. Follow [4] for deploying custom docker images in cloud. Creating your docker images you can follow [5],[6] Front end application for consuming the cloud service can be deployed as a web application in the Integration cloud [1]. Also to get familiar with the cloud you can follow the cloud documentation[3]. [1] http://wso2.com/cloud/integration-cloud/# [2] https://docs.wso2.com/display/GSoC/Project+Proposals+for +2017#ProjectProposalsfor2017-Proposal22:[PlatformSecurity] SecurityTestingasaServicewithDockerContainerization [3] https://docs.wso2.com/display/IntegrationCloud/WSO2+Inte gration+Cloud+Documentation [4] https://medium.com/@mcvidanagama/wso2-integration-cloud- now-supports-millions-of-app-types-4489e742a4e2#.z8p4knpz1 [5] https://docs.docker.com/engine/getstarted/step_four [6] https://docs.docker.com/engine/userguide/eng-image/baseimages Thanks, Kasun On Mon, Feb 20, 2017 at 11:31 AM, Prakhash Sivakumar <prakh...@wso2.com> wrote: > Hi Pavithra, > > Thanks for your interest in WSO2 for GSoC and this project. > > As for the starting point, please follow the below references I have added > here. This will give you a clear idea about using ZAP, Dependency Check, > Find Security Bugs and also the Jenkins based security automation. In > addition to this, you can start playing with Docker and Kubernetes in the > mean time. > > I'm adding other possible mentors to this thread. We will provide some > other development tasks to you after you are getting some good knowledge on > the given area. > > [1] https://medium.com/@PrakhashS/dynamic-scanning-with-owasp-zap-for- > identifying-security-threats-complete-guide-52b3643eee04#.4z3r3mbfo > [2] https://medium.com/@PrakhashS/security-testing-for-apis-using-zap- > 5df8ec07a131#.l09rgodlk > [3] https://medium.com/@PrakhashS/automating-the- > boring-stuffs-using-zap-and-jenkins-continues-integration- > d4461a6ace1a#.qucoiyfqv > [4] https://medium.com/@PrakhashS/checking-vulnerabilities-in-3rd-party- > dependencies-using-owasp-dependency-check-plugin-in- > jenkins-bedfe8de6ba8#.swzqm7b0y > [5] http://www.securityinternal.com/2016/06/static-code-analysis-for-java- > using.html > [6] http://www.securityinternal.com/2017/02/secure-software-development- > with-3rd.html > [7] http://www.securityinternal.com/2016/10/owasp-dependency-check-cli- > analyzing.html > [8] http://wso2.com/blogs/thesource/2017/01/how-we-handle- > security-at-wso2/ > > Thanks, > Prakhash > > On Mon, Feb 20, 2017 at 11:04 AM, pavithra rox <pavithrar...@gmail.com> > wrote: > >> Hi All, >> >> My name is Pavithra Prabodha, from Sri Lanka Institute of Information >> Technology, currently studying in the final (4th) year specializing in >> Software Engineering. >> >> I am interested in taking part in GSoC 2017 with WSO2 and I hereby wish >> to apply for the Security Testing as a Service with Docker >> Containerization project. >> >> I have been following up the work done by the security team of WSO2 and >> already have watched the two webinars [1,2] done last year. >> >> In addition to that, I have taken part in the security meetups as well >> which you organized. >> >> I’m experienced in Java, Maven, Git, Jenkins, docker and wish to learn >> any required technologies for the project. >> >> In order to get started with the project, I got familiar with the >> security tools like FindSecBugs, OWASP Dependency Check and OWASP ZAP. >> >> I also used the existing docker images of these tools (ZAP [3]) and ran >> the tool as containers and got familiar with the usage of docker in >> security testing. >> >> Considering above, I appreciate if you can guide me for getting started >> with the project. >> >> [1] http://wso2.com/library/webinars/2016/10/application-securit >> y-your-success-depends-on-it/ >> >> [2] http://wso2.com/library/webinars/2016/10/a-proactive-strateg >> y-for-security-management-at-wso2/ >> >> [3] https://hub.docker.com/r/owasp/zap2docker-stable/ >> >> Best Regards, >> Pavithra >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Prakhash Sivakumar > Software Engineer | WSO2 Inc > Platform Security Team > Mobile : +94771510080 <+94%2077%20151%200080> > Blog : https://medium.com/@PrakhashS > -- *Kasun de Silva* Senior Software Engineer | Cloud Blog: https://medium.com/@kasun.dsilva WSO2 Inc <http://wso2.com>*. *|* E*mail : kas...@wso2.com | Mobile: +94 77 794 4260
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
