Improving security of a pentesting platform through CI/CD

  • Additional information
    • Contributors:
      Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors; Serral Gracià, René
    • Publication information:
      Universitat Politècnica de Catalunya
    • Subject:
      2023
    • Collection:
      Universitat Politècnica de Catalunya, BarcelonaTech: UPCommons - Global access to UPC knowledge
    • Abstract:
      The primary goal of this master's project is to develop a robust testing platform specifically designed for evaluating the backend of HuntDown, a web application that allows you to automate cyberattacks. This testing platform has two main objectives: firstly, to identify potential vulnerabilities within the backend infrastructure, and secondly, to ensure that these vulnerabilities are effectively addressed, resolved and monitored. By integrating this testing platform into the development process, the team aims to proactively detect and rectify any security issues in the backend code, thereby ensuring a robust and secure application before deployment through the implementation of Continuous Integration and Continuous Deployment (CI/CD) practices. During the research phase, the HuntDown platform was investigated in depth to fully understand its workflow while discovering vulnerabilities. Once the research was done, an iterative approach was adopted, in which the platform was subjected to penetration testing while the tester was developed in parallel, resulting in the identification of several vulnerabilities, including three critical and two high severity findings. Finally, tests were developed to monitor and track these vulnerabilities using the newly integrated tester. ; The main objective of this master's project is to develop a robust testing platform designed specifically to evaluate the backend of HuntDown, a web application that allows cyberattacks to be automated. This testing platform has two main objectives: first, to identify potential vulnerabilities within the backend infrastructure and, second, to ensure that these vulnerabilities are addressed, resolved and monitored effectively.
By integrating this testing platform into the development process, the team will be able to proactively detect and correct any security problem in the backend, thereby ensuring a solid and secure application before its deployment through the use of integration ...
    • File Description:
      application/pdf
    • Relation:
      http://hdl.handle.net/2117/399696; ETSETB-230.178831
    • Rights:
      Distribution of the work is authorized under the Creative Commons or similar license 'Attribution-NonCommercial-NoDerivatives'; Open Access
    • Accession number:
      edsbas.98E2BE7B