Testing for OWASP's top ten security issues

This recipe details the automatic testing of Jenkins for well-known security issues with w3af, a penetration testing tool from the Open Web Application Security Project (OWASP, http://w3af.sourceforge.net). The purpose of OWASP is to make application security visible. The OWASP top ten list of security risks includes:

  • A2-Cross Site Scripting (XSS): An XSS attack can occur when an application returns unescaped input to a client's browser. By default, a Jenkins administrator can do this through the job description.
  • A6-Security Misconfiguration: A Jenkins plugin gives you the power to write custom authentication scripts. It is easy to get such scripts wrong through misconfiguration.
  • A7-Insecure Cryptographic ...