[WEB SECURITY] Security test case automation

Stephen de Vries stephendv at gmail.com
Thu Jan 23 04:49:46 EST 2014


On 23 Jan 2014, at 10:44, Paul Johnston <paul.johnston at pentest.co.uk> wrote:
> 
> What you cannot automate is the mindset of a hacker. Security is not just about checking for a known set of issues. It is about using creativity and intuition to think up new ways of attacking a particular application. So while doing your own QA using DAST/SAST is good, you should also include some manual penetration testing in your security programme.

…and once you’ve found vulnerabilities through a manual test you can record and automate those findings with a testing framework.  Then you can re-run those same tests on your application periodically or even continuously to ensure that code changes to the app don’t introduce security regressions.

Stephen





> 
> 
> On 23/01/2014 04:30, vedantam sekhar wrote:
>> Hi group,
>> 
>> Need your help here. As part of the QA team, we will be writing security test cases and also executing them manually using the OWASP standard. However, I have been given the task to see the possibility to automate these test cases. Are there any tools/frameworks available for us to achieve this?
>> 
>> Thanks and Regards,
>> 
>> sekhar
>> 
>> 
>> 
>> _______________________________________________
>> The Web Security Mailing List
>> 
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>> 
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> 
>> WASC on Twitter
>> http://twitter.com/wascupdates
>> 
>> websecurity at lists.webappsec.org
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> 
> -- 
> Pentest - The Application Security Specialists
> 
> Paul Johnston - IT Security Consultant / Tiger SST
> Office: +44 (0) 161 233 0100
> Mobile: +44 (0) 7817 219 072
> 
> We're exhibiting at Infosecurity Europe!
> Stand K97, Earl's Court London - 29th April - 1st May
> 
> Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
> Registered Number: 4217114 England & Wales
> Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
> Accreditations: ISO 9001 (44/100/107029) / ISO 27001 (IS 558982) / Tiger Scheme
> 
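
An added example, not part of the original thread: the approach from Stephen's reply, with two findings from a manual test recorded as repeatable checks. The stand-in app, the finding names and the marker string are constructed for illustration; `run_regressions` exercises the checks against the app in its fixed or regressed state.

```python
import html, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlparse
from urllib.request import ProxyHandler, build_opener

OPENER = build_opener(ProxyHandler({}))   # talk to the local server directly
MARKER = '<i id="regr-test">'             # harmless markup used to probe output encoding

def make_app(fixed):
    """Constructed stand-in for the app under test; fixed=False reintroduces both findings."""
    class App(BaseHTTPRequestHandler):
        def do_GET(self):
            term = parse_qs(urlparse(self.path).query).get("q", [""])[0]
            shown = html.escape(term) if fixed else term
            cookie = "sid=constructed" + ("; HttpOnly; Secure" if fixed else "")
            self.send_response(200)
            self.send_header("Content-Type", "text/html; charset=utf-8")
            self.send_header("Set-Cookie", cookie)
            self.end_headers()
            self.wfile.write(f"<p>Results for {shown}</p>".encode())
        def log_message(self, *args):  # silence per-request logging
            pass
    return App

def finding_001_search_output_encoded(base):
    """Manual finding: the q parameter was reflected without HTML encoding."""
    with OPENER.open(base + "/search?q=" + quote(MARKER)) as resp:
        return MARKER not in resp.read().decode()

def finding_002_session_cookie_flags(base):
    """Manual finding: the session cookie lacked HttpOnly and Secure."""
    with OPENER.open(base + "/") as resp:
        attrs = {p.strip().lower() for p in resp.headers.get("Set-Cookie", "").split(";")}
    return {"httponly", "secure"} <= attrs
CHECKS = [finding_001_search_output_encoded, finding_002_session_cookie_flags]

def run_regressions(fixed=True):
    """Start the stand-in app on a free local port and return {check name: passed}."""
    server = HTTPServer(("127.0.0.1", 0), make_app(fixed))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {check.__name__: check(base) for check in CHECKS}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_regressions(fixed=True))
```

Pointed at a real test deployment instead of the stand-in, the same check functions can run on every build, so a code change that undoes a fix fails the pipeline.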