Functional and Security Testing - An amalgamated automation approach

With cyber threats and online attacks on the rise, continuous security testing has become unavoidable.

Making sure all vulnerabilities are uncovered regularly is therefore essential.


The paper therefore proposes a solution in which automated security testing is carried out in conjunction with functional testing written against the Selenium API.

It introduces a framework that combines automated security testing with functional testing to provide an integrated testing solution.

The paper builds on these two premises to offer a solution in which functional automation testers can take on security testing. I propose a framework where automated security testing is achieved alongside functional testing, reusing existing Selenium API scripts.

The framework covers the top vulnerabilities and provides intuitive results that help a non-security tester interpret and act on the output. At the very core of this framework is the open source tool, OWASP ZAP, which is easy to use and integrates well with Selenium automation frameworks.

I bring hands-on project experience, having implemented this framework for clients who have been able to get the value of both functional and security testing from the same set of scripts. It is this experience I would like to share with the ATAGTR2016 audience: to help groom functional testers into security testing with minimal cost and time, and to enable security testing to be performed every time functional automation is run.

Outline/structure of the Session

With cyber threats and online attacks on the rise, continuous security testing has become inevitable, and making sure all vulnerabilities are uncovered regularly is highly significant.

The paper therefore proposes a solution in which automated security testing is achieved in conjunction with functional testing carried out using the Selenium API.

It introduces a framework that combines automated security testing with functional testing to provide an integrated testing solution.

The main points of this presentation are:

  1. Need For Automated Security Testing
  2. Spectrum of Available Tools
  3. Core Tool Of Our Security Testing Framework
  4. Framework Architecture
  5. Framework Coverage
  6. Demo
  7. Analysis and Reporting
  8. Takeaways

Learning Outcome

  1. Make security testing a habit
  2. Leverage existing functional test scripts - run security tests in parallel
  3. Sync with DevOps. Integrate with CI tools
  4. Open invite to all teams to try this tool
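As an added example (not the paper's or QA Infotech's framework code), here is the skeleton of the integration the abstract and the learning outcomes describe, in Python: the existing Selenium script is pointed at OWASP ZAP as its proxy, ZAP's JSON API is queried for the alerts it raised, and the result is condensed into a risk-grouped summary plus a CI pass/fail verdict that a functional tester can act on. The ZAP address, API key, target URL and the sample alerts are assumptions or constructed data.

```python
import json, time
import urllib.parse, urllib.request
from collections import Counter

ZAP_ADDR = "http://localhost:8080"  # assumed: ZAP's local proxy/API port
ZAP_KEY = "changeme"                # assumed: API key configured in ZAP options
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
# Constructed sample in the shape ZAP's core/view/alerts endpoint returns
SAMPLE_ALERTS = [
    {"risk": "High", "alert": "SQL Injection", "url": "http://app/login"},
    {"risk": "High", "alert": "SQL Injection", "url": "http://app/search"},
    {"risk": "Medium", "alert": "X-Frame-Options Header Not Set", "url": "http://app/"},
]

def zap_json(component, kind, name, **params):
    """Call a ZAP JSON API endpoint, e.g. zap_json("core", "view", "alerts")."""
    params["apikey"] = ZAP_KEY
    url = f"{ZAP_ADDR}/JSON/{component}/{kind}/{name}/?" + urllib.parse.urlencode(params)
    with urllib.request.urlopen(url) as resp:
        return json.load(resp)

def build_driver():
    """Chrome WebDriver whose traffic goes through ZAP (needs selenium installed)."""
    from selenium import webdriver
    options = webdriver.ChromeOptions()
    options.add_argument(f"--proxy-server={ZAP_ADDR}")
    options.add_argument("--ignore-certificate-errors")  # ZAP re-signs HTTPS
    return webdriver.Chrome(options=options)

def summarize(alerts):
    """Group alerts by (risk, name), worst first: the view a functional tester reads."""
    counts = Counter((a["risk"], a["alert"]) for a in alerts)
    return sorted(counts.items(), key=lambda kv: (-RISK_ORDER[kv[0][0]], kv[0][1]))

def ci_verdict(alerts, fail_at="Medium"):
    """CI gate: True if no alert reaches the fail_at risk level."""
    worst = max((RISK_ORDER[a["risk"]] for a in alerts), default=0)
    return worst < RISK_ORDER[fail_at]

if __name__ == "__main__":
    target = "http://localhost:3000"  # assumed application under test
    driver = build_driver()
    driver.get(target)   # existing functional steps go here; ZAP passively scans them
    driver.quit()
    scan_id = zap_json("ascan", "action", "scan", url=target)["scan"]  # active scan
    while int(zap_json("ascan", "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(2)
    alerts = zap_json("core", "view", "alerts", baseurl=target)["alerts"]
    for (risk, name), n in summarize(alerts):
        print(f"{risk:13} {name} x{n}")
    raise SystemExit(0 if ci_verdict(alerts) else 1)
```

The non-zero exit status is what lets a CI job (the DevOps integration in the learning outcomes) fail the build when the functional run surfaced findings at or above the chosen risk level.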

Target Audience

Software Professionals, Software Testers, QA Leads, Automation experts.

Submitted 1 year ago

Comments

  • Aditya Garg
    By Aditya Garg  ~  1 year ago

    Hi Sarvesh and team,

    Do you think 20 minutes is sufficient?

    Also there is a reference to STC - can you rather put #ATAGTR2016 instead, so it would not be cut n paste :-)

    • Sarvesh Shrivastava
      By Sarvesh Shrivastava  ~  1 year ago

      Hello Aditya,


      I have removed STC reference and added ATAGTR2016.

      What is your take on the 20 minute duration?
      What's the normal duration people generally target in GTR?

      We can increase it to 40 minutes if you want by increasing the content and the demo, but then the audience may lose interest. That is why we wanted it to be short and sweet. :)


      Also we are planning to extend some capabilities to the existing demo and content and will showcase that.

      • Schalk Cronjé
        By Schalk Cronjé  ~  1 year ago

        If you can do this 'short and sweet' it would actually be lovely. I can see how this can be a much longer talk, but if you do 20mins and excite the audience so that they have things they want to read about,

        • Sarvesh Shrivastava
          By Sarvesh Shrivastava  ~  1 year ago

          Sure buddy. We will try our best.

          • Aditya Garg
            By Aditya Garg  ~  1 year ago

            How much coverage will you give on OWASP ZAP?

            • Sarvesh Shrivastava
              By Sarvesh Shrivastava  ~  1 year ago

              We will cover OWASP top 10.

              • Schalk Cronjé
                By Schalk Cronjé  ~  1 year ago

                I think the question was how much coverage the tool will get in the presentation.

                • Sarvesh Shrivastava
                  By Sarvesh Shrivastava  ~  1 year ago

                  I'll discuss the OWASP ZAP tool for about 2 to 3 mins.

                  The central focus of my topic is the automated security testing framework which we have developed.

                  • Schalk Cronjé
                    By Schalk Cronjé  ~  1 year ago

                    All right. Is the framework something that is in-house, or are you making it available in commercial or non-commercial form?

                    • Sarvesh Shrivastava
                      By Sarvesh Shrivastava  ~  1 year ago

                      The framework is something that we have developed in house at QA Infotech.