Scandic Hotel


Michał Buczko

Test automation with a drop of security scanning

I want to show you how easy it is to extend your test automation for any web application with a drop of security scanning. We will use examples based on web driver automation and proxy-like scanning tools, such as OWASP ZAProxy or Burp Suite. This gives you the possibility to scan against the whole OWASP Top 10 list and build confidence in your product's reliability.

You do not have to be a security expert. The only thing needed is to set up the running environment of your automated tests. That will allow the automated operations to become the input for the security scanner. Then apply the scanning rules for the testing depth level and server software stack. Run the scan. It is just that simple. With a bit of patience, you will get as a result a list of vulnerabilities with attack patterns, risk levels and descriptions of possible effects. All of that is very simple and easy for a start, and there is even a safe mode so you do not have to worry about destroying the system under test.

I know, scanners give lots of false positives, but aren’t they a great place to start learning? ZAP, with full reproduction steps and features that help you reproduce the attack, will allow you to expand your knowledge base very quickly.

Curious about security testing and how to start learning and doing it in your project? Want to expand the benefits of your automation scenarios by using them as input for security testing? I plan to give you all of that…

Michał’s BIO

His “Business as Usual” is varied and exciting. Michał is a part of a PCI team in NewVoiceMedia, where he is the advocate for great and efficient testing. He gives his insight into the design of the features and the definition of the scope of testing. Michał works with Developers to create automated tests for their Continuous Integration and Delivery platform.

In addition, he explores the features and products, supports regression and releases, and expands his knowledge to be able to improve all the everyday stuff. He takes his self-learning seriously, shares “new-fancy stuff” with others and helps team members grow as individuals.

In the future, Michał wants to become a champion of good testing and provide support to all functions which directly interact with their customers. To achieve that he is allowed and expected to challenge assumptions and suggest different ways of working/testing.

In his free time, Michał is encouraged by the organisation to share his experience and tries his best to take his public speaking hobby to a whole new, professional level.