Functional and Security Testing - An amalgamated automation approach

With cyber threats and online attacks on the rise, continuous security testing has become unavoidable.

Making sure all vulnerabilities are uncovered regularly is highly significant.


The paper therefore proposes a solution in which automated security testing is carried out in conjunction with functional testing performed with the Selenium API.

It introduces a framework that supports automated security testing alongside functional testing, providing an integrated testing solution.

The paper takes these two premises and offers a solution in which functional automation testers can take on security testing. I propose a framework in which automated security testing is achieved in conjunction with functional testing, using existing Selenium API scripts.

The framework covers the top vulnerabilities and provides intuitive results that help a non-security tester interpret and act on the output. At the very core of this framework is the open source tool, OWASP ZAP, which is easy to use and integrates well with Selenium automation frameworks.
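As an added illustration (not the author's framework code), the sketch below shows one way existing Selenium scripts can be routed through ZAP and the resulting alerts reduced to a short, build-gating summary for a non-security tester. It assumes a ZAP daemon on 127.0.0.1:8080 with an API key; the function names and the sample alerts are hypothetical and constructed for the example.

```python
import json
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"  # assumption: ZAP daemon listening locally
RISK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

def zap_chrome_options(proxy=ZAP):
    """Options for an existing Selenium script so its traffic passes through ZAP."""
    from selenium import webdriver  # lazy import: only needed when driving a browser
    opts = webdriver.ChromeOptions()
    opts.add_argument(f"--proxy-server={proxy}")
    return opts  # HTTPS targets also need ZAP's root CA trusted by the test browser

def fetch_alerts(target, api_key, zap=ZAP):
    """Read the alerts ZAP raised for `target` while the functional suite ran."""
    query = urllib.parse.urlencode({"baseurl": target})
    req = urllib.request.Request(f"{zap}/JSON/core/view/alerts/?{query}",
                                 headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["alerts"]

def summarize(alerts, fail_at="Medium"):
    """Group alerts by finding, worst first, and decide whether the build fails."""
    rank = lambda risk: RISK.get(risk, RISK["High"])  # unknown risk fails closed
    pages = {}
    for a in alerts:
        pages.setdefault((a["alert"], a["risk"]), set()).add(a["url"])
    rows = sorted(((n, r, len(u)) for (n, r), u in pages.items()),
                  key=lambda row: (-rank(row[1]), row[0]))
    return rows, any(rank(r) >= RISK[fail_at] for _, r, _ in rows)

# Constructed sample in the shape of ZAP alert records (not real scan output).
SAMPLE = [
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "url": "http://shop.test/login"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://shop.test/"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://shop.test/cart"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://shop.test/cart"},
]

if __name__ == "__main__":
    rows, failed = summarize(SAMPLE)
    for name, risk, count in rows:
        print(f"{risk:<13} {name} ({count} page(s))")
    print("BUILD FAILED" if failed else "BUILD OK")
```

In a CI job, the functional suite would build its driver from `zap_chrome_options()`, and the job would exit non-zero when `summarize(fetch_alerts(...))` reports a failure.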

I bring in hands-on project experience, having implemented this framework for clients who have been able to get the value of functional and security testing using the same set of scripts – it is this experience I would like to share with the ATAGTR2016 audience, to help groom functional testers into security testing with minimal cost and time, also enabling security testing to be performed every time functional automation is taken up.

 
 

Outline/Structure of the Demonstration

With cyber threats and online attacks on the rise, continuous security testing has become inevitable, and making sure all vulnerabilities are uncovered regularly is highly significant.

The paper therefore proposes a solution in which automated security testing is carried out in conjunction with functional testing performed with the Selenium API.


The following are the key points of this presentation:

  1. Need For Automated Security Testing
  2. Spectrum of Available Tools
  3. Core Tool Of Our Security Testing Framework
  4. Framework Architecture
  5. Framework Coverage
  6. Demo
  7. Analysis and Reporting
  8. Takeaways

Learning Outcome

  1. Make security testing a habit
  2. Leverage existing functional test scripts - run security tests in parallel
  3. Sync with DevOps and integrate with CI tools
  4. Open invite to all teams to try this tool

Target Audience

Software Professionals, Software Testers, QA Leads, Automation Experts

Submitted 4 years ago
