Hi all, I am K.Suthagar who is studying at Department of Computer Science and Engineering, Faculty of Engineering, University of Moratuwa. An aspiring young entrepreneur with good leadership skills and quick learning abilities. Simultaneously I am doing some non-academic projects at my startup Inncaps. I am also involved in Open Source Developments. You can reach me using this following links,
- LinkedIn : https://www.linkedin.com/in/ksuthagar - GitHub : https://github.com/suthagar23 - Website : http://suthagar.inncaps.com/ Here, I am contacting you about the Google Summer of Code Projects 2017, When I come across the Google Summer of Code 2017 Project Ideas, I found some great projects at WSO2 Page. After completion of the Proposals reading, I have finalized and would like to contribute for the Proposal 22: [Platform Security] Security Testing as a Service with Docker Containerization project through GSoC 2017. I have referred some more about the mentioned technologies and I have some previous experience about some of this technologies. - FindSecBugs - I am using this static testing to ensure my security bugs and problems in Java Code using my IntelliJ Idea IDE and I am familiar with this plugin for several months. - OWASP Dependency Check - I got some exact idea from a security hackathon which was organized by Yarl IT hub. Through some previous workouts, I have some better knowledge about the dependency checking with OWASP. - OWASP ZAP - I haven't used it for my projects, but I have some basic understanding about this dynamic security analysis method and I will try to get familiar with this tool in coming days. - When considering the other technologies, I have good understanding in Web Services(SOAP and REST), JSP and Docker(I haven’t use the docker a lot, but can learn as soon as possible). As I already familier with few of this technologies, I believe by contributing to this project, I can learn more about Security automation and Security testing. . I have already started looking into the work that have been already done in this domain using the materials you have already shared. To continue the work and get a clear understanding about the project I need your guidance to develop my idea in large scale. I have prepared an idea for the Project according to the proposal description. I would like to express the part of my idea here, The Project is going to be a Security Testing environment for the developers, which will take the source code as the input and do all the 3 types of security testing in parallel or sequentially . This environment will be configured inside the docker and the developer should be able to sporn the docker instances whenever required and do the needed testings. Here, I have shown a GUI, which will take the github repository URL as the input to the Security testing environment, developer can choose the testing that needs to be done. - In github repository, there will be lots of changes happening everyday anyway the developers needs to run the Security testing for all the changes before commits. But, I have one problem here, (1) as we are going to develop this as a security automation tool, is the expectation is to build the tool as it could automatically get triggered once the commit/merge is done ? - I have drawn a sample system diagram for the process. It would be great if you could confirm the expected implementation should as below [image: A.png] I have mentioned my exact idea about the project domain, as I mentioned I need your guidence to move forward, also I am planning to focus on docker as I’m not much familiar with this topic. Please guide me to move forward, successfully. I will start preparing my proposal once I get a clear picture about the project idea Thank you for your valuable time and considerations. Regards, Suthagar. -- *K*AILAYAPATHY *S*UTHAGAR Undergraduate, Department of Computer Science & Engineering, University of Moratuwa, Sri Lanka. Address :154/2, Navalar Road, Jaffna Mobile : 077 9543968 <555-77777> Email : suthagar...@cse.mrt.ac.lk | suthaga...@gmail.com <ow...@company.com>LinkedIn : http://www.linkedin.com/in/ksuthagar <http://www.company.com/>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
