Using automated end-2-end tests to automatically analyze web applications with OWASP ZAP
In one of my last stories, Automated Security Testing in Agile Software Projects, I had a look at automated security tests using OWASP ZAP. This tool can be used to perform automated penetration tests for various kinds of web applications and can easily be integrated into existing CI/CD pipelines. ZAP can provide valuable and fast feedback to developers. However, to get the most out of it, you need to tweak it to your specific setup. The crucial part is the exploration stage, in which ZAP analyses the application and tries to find all provided endpoints.
The simplest way to do this is to use a web spider that follows all links and references, or to provide an OpenAPI specification of your endpoints. While this already provides valuable feedback, it also has some limitations (see details in my last story):
As an alternative approach, you can use the ZAP interception proxy together with automated system tests. When provided with an exhaustive set of such tests, ZAP should be able to detect all provided application endpoints, without additional tweaking.
To test this, I created a simple test application featuring a single-page frontend built with Angular, a REST backend built using Spring Boot, and OpenID Connect for authentication. You can find the source code as well as a Readme on GitHub. Additionally, you can find the source code of the performed test in another GitHub repository.
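One way to check whether a set of end-to-end tests is exhaustive enough for ZAP to see every endpoint, as an added example that is not from the original article or its repositories: compare the URLs ZAP recorded through the proxy with the paths of an OpenAPI specification. The spec, hosts and URL list are constructed samples; the URL list has the shape of the response from ZAP's `core/view/urls` API view, and having a spec to compare against is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: "paths" section of an OpenAPI spec for a hypothetical backend.
OPENAPI_PATHS = {
    "/api/notes": {"get": {}, "post": {}},
    "/api/notes/{id}": {"get": {}, "put": {}, "delete": {}},
    "/api/users/{userId}/notes": {"get": {}},
    "/api/admin/export": {"get": {}},
}

# Constructed sample: shape of ZAP's JSON API view core/view/urls after the
# end-to-end tests ran with the browser proxied through ZAP.
ZAP_URLS_RESPONSE = {"urls": [
    "http://localhost:4200/",
    "http://localhost:4200/main.js",
    "http://localhost:8080/api/notes",
    "http://localhost:8080/api/notes/42?expand=true",
    "http://localhost:8080/api/users/7/notes",
]}

def template_to_regex(template):
    """Turn an OpenAPI path template into a regex; {param} matches one path segment."""
    literal_parts = re.split(r"\{[^/{}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in literal_parts) + "/?$")

def coverage(openapi_paths, zap_urls, backend_netloc):
    """Return (covered, missed) path templates for the given backend host:port."""
    # Only requests to the backend count; frontend assets are ignored.
    seen = {urlsplit(u).path for u in zap_urls if urlsplit(u).netloc == backend_netloc}
    covered, missed = [], []
    for template in sorted(openapi_paths):
        rx = template_to_regex(template)
        (covered if any(rx.match(p) for p in seen) else missed).append(template)
    return covered, missed

if __name__ == "__main__":
    covered, missed = coverage(OPENAPI_PATHS, ZAP_URLS_RESPONSE["urls"], "localhost:8080")
    print("seen by ZAP via the tests:", covered)
    print("never requested, so not scanned:", missed)
```

The URL view carries no HTTP method, so this only shows which paths were never requested; an endpoint reached with GET but never with PUT or DELETE still counts as covered here.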