Whether an IoT device uses a web application or web service for messaging, its code should be statically and dynamically analyzed for software security bugs. In this recipe, we will demonstrate how to configure dynamic scanning of web application builds prior to production deployments.
We will use Jenkins as our automation build server and OWASP ZAP as our dynamic scanner, together with the OWASP ZAP Jenkins plugin and the OWASP ZAP tool, which can be downloaded via the following link:
To set up continuous integration testing for web applications, use the following steps to create your environment.
- First, we need to download the OWASP ZAP plugin, which can be done via the Jenkins plugin manager, as shown in the following screenshot:
OWASP ZAP plugin download
- Jenkins will then restart. Log back into Jenkins and we will work towards configuring ZAP...
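Once the plugin has run a scan against a build, the pipeline needs a gate that reads ZAP's report and fails the build before anything reaches production. The following Python script is an added example and not part of this recipe or of the ZAP plugin; the embedded report is a constructed sample that follows the layout of ZAP's JSON report (`site`, `alerts`, `riskcode`, `instances`), and `FAIL_AT_RISK` is an assumed threshold you would tune per project.

```python
import json
import sys
from collections import Counter

# Lowest ZAP risk code that fails the build (assumed policy):
# 0 = Informational, 1 = Low, 2 = Medium, 3 = High.
FAIL_AT_RISK = 2

# Constructed sample in the layout of a ZAP JSON report; not real scan output.
SAMPLE_REPORT = json.dumps({
    "@version": "2.x",
    "site": [{
        "@name": "http://staging.example.local",
        "alerts": [
            {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "instances": [{"uri": "http://staging.example.local/"}]},
            {"alert": "SQL Injection", "riskcode": "3",
             "instances": [{"uri": "http://staging.example.local/api/device?id=1"}]},
            {"alert": "Cookie Without Secure Flag", "riskcode": "1",
             "instances": [{"uri": "http://staging.example.local/login"}]},
        ],
    }],
})


def summarize_alerts(report_json: str) -> Counter:
    """Count alerts per numeric risk code across every site in the report."""
    counts = Counter()
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            counts[int(alert.get("riskcode", 0))] += 1
    return counts


def failing_alerts(report_json: str, threshold: int = FAIL_AT_RISK) -> list:
    """Return (alert name, URI) pairs for every instance at or above the threshold."""
    hits = []
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            if int(alert.get("riskcode", 0)) >= threshold:
                for inst in alert.get("instances", []):
                    hits.append((alert["alert"], inst.get("uri", "")))
    return hits


def build_passes(report_json: str, threshold: int = FAIL_AT_RISK) -> bool:
    """True when no alert reaches the failing risk level."""
    return not failing_alerts(report_json, threshold)


if __name__ == "__main__":
    # Usage: python zap_gate.py zap-report.json  (falls back to the sample report)
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for name, uri in failing_alerts(data):
        print(f"FAIL: {name} at {uri}")
    sys.exit(0 if build_passes(data) else 1)
```

Run it as a post-scan build step so a non-zero exit marks the Jenkins job failed and blocks the production deployment.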