Evaluación de herramientas de software para la detección de vulnerabilidades y malas prácticas de seguridad en arquitecturas cloud nativas AWS

Abstract

Abstract: The objective of this project is to identify the most suitable tool for the current needs in cloud environments, an area that is constantly growing due to its elasticity in terms of the hardware required. Initially, a quantitative methodology was adopted, hoping to receive a number of vulnerabilities found by each tool, taking into account that the best tool would be the one that gives us the highest number of vulnerabilities. However, a qualitative approach was also used when verifying the types of vulnerabilities found by each tool, and when observing what type of vulnerabilities could or could not be mitigated, depending on the business logic of the tool.