Scribd Logo
Upload

Welcome to Scribd!

  • Re-Test Functionality: Personal Details

    Uploaded by

    Kshitij Aggarwal
    12 views3 pages
    Kshitij Aggarwal is a third year undergraduate student in India studying computer science and engineering. His semester has been suspended due to COVID-19, leaving him time to work on a GSoC project involving adding retest functionality to the OWASP ZAP security tool. The project would allow rescanning alerts found in an initial scan to test for vulnerabilities like SQL injection more thoroughly. Kshitij is interested in cybersecurity and hopes working on this project will help him pursue further studies and career opportunities in the field.

    Original Description:

    Original Title

    Proposal.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Kshitij Aggarwal is a third year undergraduate student in India studying computer science and engineering. His semester has been suspended due to COVID-19, leaving him time to work on a GSoC project involving adding retest functionality to the OWASP ZAP security tool. The project would allow rescanning alerts found in an initial scan to test for vulnerabilities like SQL injection more thoroughly. Kshitij is interested in cybersecurity and hopes working on this project will help him pursue further studies and career opportunities in the field.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views3 pages

    Re-Test Functionality: Personal Details

    Uploaded by

    Kshitij Aggarwal
    Kshitij Aggarwal is a third year undergraduate student in India studying computer science and engineering. His semester has been suspended due to COVID-19, leaving him time to work on a GSoC project involving adding retest functionality to the OWASP ZAP security tool. The project would allow rescanning alerts found in an initial scan to test for vulnerabilities like SQL injection more thoroughly. Kshitij is interested in cybersecurity and hopes working on this project will help him pursue further studies and career opportunities in the field.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Re-test Functionality

    Personal Details

    Name: Kshitij Aggarwal

    University: National Institute of Technology, Tiruchirappalli

    Email: kshitijaggrwl@gmail.com

    Country of Residence: India

    Timezone: IST (GMT + 05:30)

    Primary Language: English

    I am a third year undergraduate student pursuing B.Tech in Computer Science and


    Engineering at National Institute of Technology, Tiruchirappalli. My semester has
    been suspended until late June due to spread of COVID-19 leaving me enough time
    to get ready for my GSoC project. If I am selected, I shall be able to work around 50
    hrs a week on the project, though am open to putting in more effort if the work
    requires.

    Technical Knowledge

    The relevant undergraduate courses that I have done include:

    ● Principles of Cryptography

    ● Network Security

    ● Internetworking Protocols

    ● Computer Networks

    I am currently doing cybersecurity specialization from coursera which includes


    courses on Usable Security, Software Testing, Cryptography and Hardware Security.

    I am well versed with C++, Python and Java. I also possess fair Web Development
    Skills with knowledge in HTML, CSS, Javascript, PHP, Nodejs, Bootstrap and Ajax.
    Some of my previous projects in cybersecurity include -

    ● Image Encryption Techniques: A literature survey was conducted to analyse


    different image encryption techniques. Main focus was given on the state of the
    art encryption strategy based on chaos theory.

    ● Digital Forensics: An experiment was conducted to analyse the data retrieved


    from the system’s RAM to identify recoverable browsing information. The
    experiment used three different web applications with two different web
    browsers and was able to retrieve important data like username and passwords.

    Project

    Project Abstract

    This project aims to add extra functionality to rescan the results of the primary
    scan of a request. This secondary scan will basically be a targeted scan of the
    alerts found in the previous scan. To begin with, functionality for 'Oracle SQL
    Injection' vulnerability can be considered but the scope of the project can be
    modified to include OWASP top 10 vulnerabilities. We plan out to build a 'Retest'
    option under right click for both specific and entire grouping of alerts.

    Timeline

    Pre GSOC

    Try to understand the code base of the ZAP project for example how penetration
    testing is carried out in ZAP. Try to solve some existing issues to identify the
    work-flow of the process.

    Community Bonding

    Discussing with the team on what exactly needs to be the problem


    statement(minute details, like kind of vulnerabilities needs to be addresses, alerts
    category) and create an outline for the project.

    Week 1-2

    Understand the relevant parts of the ZAP code base and try to figure out how the
    final product should look like, how many and what kind of weakness should be
    addressed etc.

    Week 3-5

    Begin implementing basic retest functionality. In these weeks, focus will be on


    implementing retest option for most common vulnerabilities like SQL Injection.
    Re-test for specific alerts will be implemented which then can be grouped to perform
    retesting of an entire group of alerts.
    Week 6-8

    Code will be extended to other advanced vulnerabilities like broken authentication,


    sensitive data exposure.

    Week 9–10

    Start working on the designing views for implementation of this code in the toolkit.

    Week 11–12

    Take feedback from the community and iterate on the design and improvise on use
    cases. Ensure code quality by adding more test cases and working with more
    requests. Work to make document, blogs or videos to help increase the user base for
    this product(Subject to developer community approval).

    Week 13

    Spare week in case of some work getting delayed, in case of any emergency or
    otherwise.

    What project is not about?

    The project aims to build retesting functionality for the vulnerabilities that can
    already be tested by ZAP. It does not try to implement functionality for new
    vulnerabilities that are currently not tested by ZAP.

    Personal Inspiration for the Project

    I am really excited to work on the idea of Vulnerability Testing. I have been always
    been fascinated by the red team of the the companies who try to break into the
    existing system to find weaknesses. I have tried to explore this field by blogs and
    research papers. I have tried to explore the field of cyber security by doing projects
    under my institute’s professors.

    In addition to this, I plan on to pursue higher studies in the field of cyber security.
    That’s why I feel that this project will be a major addition to my profile and help to
    secure admission in a prestigious university.

    You might also like