security.md

Security Testing of OTS application

• SAST: Using Github CodeQL Website

• Container Scanning: Trivvy Website

• Web/API Testing: Arachni Website

SAST Steps CodeQL Code

Container Scanning Steps Trivvy Code

Web/API Testing Steps

• start docker-compose up

• start docker run --rm -p 222:22 -p 7331:7331 -p 9292:9292 --name arachni arachni/arachni:latest

• access http://localhost:9292 user: admin@admin.admin pass: administrator

• create new scan with default / XSS / SQL Injection and add backend/frontend address.

• Some Screenshots