[WEB SECURITY] Security test case automation

Paul Johnston paul.johnston at pentest.co.uk
Thu Jan 23 04:44:57 EST 2014


Hi,

You can automate some security testing. You are best using a dedicated
security testing tool, rather than putting security test cases into a
general testing tool. There are two main approaches: DAST, which scans a
running web app, and SAST, which analyses source code. They have
different strengths and weaknesses, so you get the most benefit from
running both and combining the results.

What you cannot automate is the mindset of a hacker. Security is not
just about checking for a known set of issues. It is about using
creativity and intuition to think up new ways of attacking a particular
application. So while doing your own QA using DAST/SAST is good, you
should also include some manual penetration testing in your security
programme.

Paul


On 23/01/2014 04:30, vedantam sekhar wrote:
> Hi group,
>
> Need your help here. As part of the QA team, we will be writing security
> test cases and also executing them manually using the OWASP standard.
> However, I have been given the task to see the possibility to automate
> these test cases. Are there any tools/frameworks available for us to
> achieve this?
>
> Thanks and Regards,
>
> sekhar

-- 

Pentest - The Application Security Specialists

Paul Johnston - IT Security Consultant / Tiger SST
Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072