[WEB SECURITY] Security test case automation
Stephen de Vries
stephendv at gmail.com
Thu Jan 23 04:49:46 EST 2014
On 23 Jan 2014, at 10:44, Paul Johnston <paul.johnston at pentest.co.uk> wrote:
> What you cannot automate is the mindset of a hacker. Security is not just about checking for a known set of issues. It is about using creativity and intuition to think up new ways of attacking a particular application. So while doing your own QA using DAST/SAST is good, you should also include some manual penetration testing in your security programme.
…and once you’ve found vulnerabilities through a manual test you can record and automate those findings with a testing framework. Then you can re-run those same tests on your application periodically or even continuously to ensure that code changes to the app don’t introduce security regressions.
> On 23/01/2014 04:30, vedantam sekhar wrote:
>> Hi group,
>> Need your help here. as part of QA team, we will be writing security test cases and also executing them manually using OWASP standard. However, i have been given task to see the possibility to automate these test cases. are there any tools/frameworks available for us to achieve this?
>> Thanks and Regards,
>> The Web Security Mailing List
>> WebSecurity RSS Feed
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> WASC on Twitter
>> websecurity at lists.webappsec.org
> Pentest - The Application Security Specialists
> Paul Johnston - IT Security Consultant / Tiger SST
> Office: +44 (0) 161 233 0100
> Mobile: +44 (0) 7817 219 072
> We're exhibiting at Infosecurity Europe!
> Stand K97, Earl's Court London - 29th April - 1st May
> Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
> Registered Number: 4217114 England & Wales
> Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
> Accreditations: ISO 9001 (44/100/107029) / ISO 27001 (IS 558982) / Tiger Scheme
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity