[WEB SECURITY] Security test case automation

Will Jefferies wjefferies at fncinc.com
Thu Jan 23 09:43:01 EST 2014

I second static code analysis tools.  I use the Checkmarx suite and scan each of our codebases weekly (we have a lot).  It is very good at finding OWASP and SANS 25 vulns, albeit with a lot of false positives, but once you mark those as "not exploitable", the engine ignores them on future scans unless that particular code changes.  I've used the other big-name STAT also, but find Checkmarx to be a good balance of speed and accuracy.

From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of vedantam sekhar
Sent: Wednesday, January 22, 2014 10:33 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Security test case automation

Hi group,
Need your help here. As part of the QA team, we will be writing security test cases and also executing them manually using the OWASP standard. However, I have been given the task to see the possibility of automating these test cases. Are there any tools/frameworks available for us to achieve this?
Thanks and Regards,

