[WEB SECURITY] Security test case automation

psiinon psiinon at gmail.com
Fri Jan 24 05:00:50 EST 2014


If you are interested in using OWASP ZAP for security tests (either
via the BDD framework or on its own) then have a look at
http://code.google.com/p/zaproxy/wiki/SecRegTests
There's a video on there which explains how you can use ZAP for
security regression tests and more details about the ZAP API.
And feel free to ask any questions on the ZAP user group:
http://groups.google.com/group/zaproxy-users

I'm certainly not saying that ZAP will solve all of your security
problems, but including it in your development process will allow you
to find vulnerabilities like XSS and SQL injection very early on in
your development process, which is always a good thing.

Simon (ZAP Project Lead)

On Thu, Jan 23, 2014 at 3:44 PM, Martin O'Neal
<martin.oneal at corsaire.com> wrote:
>
>> are there any tools/frameworks available for us to achieve this?
>
>
> Like many situations in life, it's really not about the tool, it's what you do with it. ;)
>
> My experience of being a roaming consultant and visiting dozens of corporate development environments is that most people who simply buy a tool do so as an investment in shelfware. Great for the tool vendor (hey, no support costs!) but bad for whoever is looking to get some value out of the investment.
>
> A better approach tends to be a package of education, process reforms, and a deeper understanding of which parts of the process should be owned internally, and which should be outsourced.
>
> This is all just my opinion of course. And I'm sure that whatever tool you buy will look wonderful on your shelf, alongside a photo of your kids. ;)
>
> Martin...



-- 
OWASP ZAP Project leader



