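% Conference paper (IST-Africa 2017): continuous vulnerability testing of a web
% application during the development cycle, used as a security-posture metric
% to guide the choice of S-SDLC measures.
%
% Review notes on this record:
% - The series field was dropped: it repeated booktitle verbatim, so styles
%   that print both fields would show the venue twice.
% - The initials "S. H." are no longer wrapped in one brace group, so styles
%   that abbreviate given names see two separate initials.
% - address holds a country rather than the publisher's city; the city is not
%   stated in this record -- TODO confirm against the publisher.
% - month/day (8 Nov) differ from the conference dates given in note;
%   presumably the online publication date -- verify before citing.
% - Abstract: spelling and subject-verb agreement corrected in the first
%   sentences; the wording is otherwise as exported.
@inproceedings{54345b4aeec546c685c14a06fac55490,
  author    = {{Van Rensburg}, Alice and {Von Solms}, S. H.},
  title     = {Vulnerability testing in the development cycle},
  booktitle = {2017 IST-Africa Week Conference, IST-Africa 2017},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  address   = {United States},
  year      = {2017},
  month     = nov,
  day       = {8},
  doi       = {10.23919/ISTAFRICA.2017.8102373},
  language  = {English},
  keywords  = {CI, Continuous integration, Implementation phase, Metrics, S-SDLC, Security, Virtual machine, Vulnerability, Vulnerability scanner, Web application},
  abstract  = {Web applications have been the target of endless attacks. The root causes of such breaches and exposures are vulnerabilities found within web applications. Despite applying various mitigating measures, including security best practices, a very high percentage of web applications contain vulnerabilities year after year. In order to improve the security of web applications, a comprehensive metrics program is required, which performs ongoing measurement of the security posture of a web application, tracks progress, and in so doing, guides the selection of the most effective security related activities. The prototype, 'Vulnerability Test Network Prototype', hereafter referred to as VTNP, determines the security posture of a web application as early as possible in the development cycle and does this continuously as the web application is changed. This enables measuring and tracking the security posture of a web application and guides the selection of the most appropriate S-SDLC measures.},
  note      = {Publisher Copyright: {\textcopyright} 2017 IIMC / IST-Africa.; 2017 IST-Africa Week Conference, IST-Africa 2017 ; Conference date: 31-05-2017 Through 02-06-2017},
}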