Second 50 Hours

Working as a Cloud Development Intern for the second 50 hours has helped me move from learning the basics of OWASP ZAP integration to refining and expanding on what I built earlier. I continued developing the security scanning process, this time working on the active scan and incorporating the AJAX spider using the -j parameter. However, I discovered that the active scan HTML reports did not follow the rules.conf configuration file, which made the output less reliable. Because of that, I switched back to the passive scan, focusing on automating it so that a passive scan runs every time a merge request is created. I recently finished implementing that functionality, and my next goal is to explore generating JSON reports, since they allow for more flexible filtering of alerts, even during active scans. Although my work is still limited to my forked repository and has not been merged or reviewed yet, this phase gave me more depth in understanding how automated security testing fits into continuous integration pipelines.

The value of technical independence and incremental improvement is the most important lesson I’ve learned during this period. I remained focused on GitLab CI/CD and VS Code, and spent a lot of time reading through OWASP ZAP’s documentation, especially about its Docker-based implementation, since I was using ZAP through a containerized image rather than its GUI application. I also learned more about merge request automation and how to continuously improve pipeline logic with each iteration. This time, I did not face major technical blockers; things just started to flow more naturally. Understanding how the pipeline worked allowed me to make confident adjustments without second-guessing each step. Compared to the first 50 hours, I feel much more self-sufficient and efficient in how I approach technical tasks.

In terms of communication, I have to admit this has been a weaker area for me. The project I’m working on is highly individual, and I’ve mostly been operating independently with minimal supervisor input. I do share updates periodically, though I’ve fallen behind at times. The other intern on the team is more active in the chat, which made me realize that I could be more proactive in sharing my own progress. On a positive note, I have gotten better at daily stand-up (DSU) updates. I no longer rely on a written script and can now talk more naturally about what I’ve been working on. While I haven’t given any formal presentations or participated in code reviews yet, I’ve started sharing screenshots and images of my progress to keep the team informed.

Even though my work is still in progress, I believe it has started adding real value to the project. The pipeline scans are now more reliable, and I’ve been able to produce cleaner results and begin experimenting with automated reporting. While I haven’t contributed to formal documentation, my understanding of DevSecOps concepts has definitely improved. I now have a clearer sense of how continuous integration and security automation work together to reduce vulnerabilities before deployment. My understanding of cloud workflows, however, still feels limited. I recognize terms like EC2, S3, Lambda, and DynamoDB, but I haven’t yet had the opportunity to use them directly in this internship.

Overall, these second 50 hours have built on my earlier foundation and helped me grow into a more independent developer. I feel more confident navigating GitLab CI/CD pipelines, troubleshooting configurations, and refining automation logic. For the next 50 hours, I plan to fully complete the OWASP ZAP integration with automated scans and automated comments. I also want to reach out to my supervisor to find opportunities to get hands-on with AWS so I can expand my skills beyond GitLab. I’m continuing to study for the AWS Solutions Architect Associate certification, and I hope to align that learning with future projects in the internship.