Wednesday 18th April, 2012
3:50pm to 4:25pm
Security Testing is often seen as a specialist skill or role, but there is a range of static and dynamic security analysis tools that can be used by testers to perform common security checks. Unfortunately the dynamic security analysis tools require manual exploratory testing and are not compatible with continuous integration. This presentation will show how the Zed Attack Proxy (ZAP) can be combined with browser automation tests to provide fast automated feedback on common security issues within web applications. The talk will take attendees through adapting existing Selenium based test suites, an overview of performing automated security analysis with ZAP, and incorporating this into Continuous Integration for fast identification of security issues as they are created.
CEO and Founder of @TeamHindsight. Software Engineer applying Behaviour Driven Development, Lean and Continuous Delivery. Also runs to eat lots of cheese bio from Twitter
Sign in to add slides, notes or videos to this session