Wednesday 18th April, 2012
3:50pm to 4:25pm
Security testing is often seen as a specialist skill or role, but there is a range of static and dynamic security analysis tools that testers can use to perform common security checks. Unfortunately, the dynamic security analysis tools require manual exploratory testing and are not compatible with continuous integration. This presentation will show how the Zed Attack Proxy (ZAP) can be combined with browser automation tests to provide fast, automated feedback on common security issues within web applications. The talk will take attendees through adapting existing Selenium-based test suites, give an overview of performing automated security analysis with ZAP, and show how to incorporate this into continuous integration so that security issues are identified quickly as they are created.
Software Engineering Consultant and founder of @TeamHindsight. Also I'm a runner, cyclist and foodie. (Bio from Twitter)