Integrated security testing: finding security vulnerabilities with your existing test framework

DevSecCon Tel Aviv 2018 Speaker
07 May 2018
13:15 - 15:15
Breakout hall A5


Having a dedicated suite of continuously run security tests seems out of reach for all but the most mature security programs. Scanners only scratch the surface of your application. Yet many companies already have a large set of integration tests that snake their way deep into the application, covering nearly every workflow. In this talk, we will use a minimal amount of work to transform these integration tests into a suite of security tests.

Using Selenium, ZAP, and Postman, we will repurpose integration tests into security tests that search for common web application flaws such as XSS, XXE, and SQLi with more context than a scanner has. These security tests traverse the web application the same way a real user would. We will then extend them to find subtle security bugs in authorization, authentication, and business logic.
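The core idea of the talk is that an integration test already encodes a user workflow, so the same workflow can be re-driven with security-relevant inputs and checked for security-relevant outcomes. The example below is added here to illustrate that pattern; it is not code from the talk or from the linked workshop repository. It is a stdlib-only model: instead of a Selenium browser proxied through ZAP, it starts a small constructed HTTP application in-process (one variant that reflects a search term unescaped, one that escapes it), defines the "existing" integration test as a workflow function, and then reuses that workflow as a reflected-XSS check by sending a canary string and asserting it does not come back unescaped. All names, URLs, and the application itself are assumptions made for the example.

```python
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed toy application (assumption, not a real product): a search page
# that reflects the query parameter. The unsafe variant interpolates the raw
# value into HTML; the hardened variant runs it through html.escape first.
def make_handler(escape_output):
    class SearchHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            parsed = urllib.parse.urlparse(self.path)
            query = urllib.parse.parse_qs(parsed.query).get("q", [""])[0]
            shown = html.escape(query) if escape_output else query
            body = f"<html><body><h1>Results for {shown}</h1></body></html>".encode("utf-8")
            self.send_response(200)
            self.send_header("Content-Type", "text/html; charset=utf-8")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            # Keep the server quiet during test runs.
            pass

    return SearchHandler


def start_app(escape_output):
    """Start the toy app on an ephemeral localhost port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(escape_output))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


# The "existing integration test" part: a workflow function that drives the
# application the way a user would (here: submit a search, get the page back).
# In the talk's setup this would be a Selenium script running through ZAP.
def search_workflow(base_url, query):
    url = base_url + "/search?" + urllib.parse.urlencode({"q": query})
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("utf-8")


def integration_test_search(base_url):
    """Functional check: searching for a term shows a results heading for it."""
    page = search_workflow(base_url, "laptop")
    return "Results for laptop" in page


# The repurposed security test: the same workflow, driven with a canary that
# contains HTML metacharacters. If the canary comes back byte-for-byte, the
# application reflects user input without encoding it, which is the condition
# a reflected-XSS finding rests on. The check is context-aware: it uses the
# real workflow, so it reaches the same page a user would.
CANARY = "<canary-7f3a>"  # constructed marker; its only purpose is to be recognisable


def reflected_unescaped(base_url, workflow=search_workflow):
    page = workflow(base_url, CANARY)
    return CANARY in page


if __name__ == "__main__":
    for label, escaped in (("unsafe app", False), ("hardened app", True)):
        server, base_url = start_app(escape_output=escaped)
        try:
            print(label, "functional test passes:", integration_test_search(base_url))
            print(label, "reflects input unescaped:", reflected_unescaped(base_url))
        finally:
            server.shutdown()
```

Both variants pass the functional integration test, which is exactly why a functional suite alone does not surface the flaw; only the re-driven workflow with the canary separates the unsafe application (canary reflected) from the hardened one (canary escaped). Replacing the canary with a dictionary of probes, or swapping the in-process app for a Selenium session routed through ZAP and reading ZAP's alerts instead of inspecting the page body, are the steps that turn this pattern into the approach the talk describes.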

This session is ideal for testers and developers interested in making security testing part of their continuous integration pipeline.

If you are planning to attend, please go to
https://github.com/distrustCaution/integrated-security-example
and follow the install steps before the workshop.
