Security

docs/security.md

Security Testing of OTS application

SAST: Using Github CodeQL Website
Container Scanning: Trivvy Website
Web/API Testing: Arachni Website

SAST Steps CodeQL Code

Container Scanning Steps Trivvy Code

Web/API Testing Steps

start docker-compose up
start docker run --rm -p 222:22 -p 7331:7331 -p 9292:9292 --name arachni arachni/arachni:latest
access http://localhost:9292 user: admin@admin.admin pass: administrator
create new scan with default / XSS / SQL Injection and add backend/frontend address.
Some Screenshots

There aren’t any published security advisories