Comprehensive guide to securing your Playwright MCP test automation, covering authentication handling, credential management, secure test data practices, and protecting against common security vulnerabilities in automated testing.
Focuses on security regression testing, explaining how to add automated tests for security bugs found in production using OWASP Juice Shop and Spring Rest Template, with examples for specific vulnerabilities.
Encourages testers to engage in continuous security, suggesting starting points like OWASP ZAP scans and demonstrating how to write simple API tests with Rest-Assured to verify security headers.
Introduces OWASP ZAP for continuous security scanning, detailing its setup as a proxy for Selenium traffic and using its Java API to trigger spidering, passive, and active scans, concluding with report generation and assertion.
Introduces Find Security Bugs, a static analysis tool for Java security vulnerabilities, explaining Maven integration, configuration, and execution for CI or manual verification, demonstrated with OWASP WebGoat.
Explains how to leverage existing automated functional tests (Selenium, Rest-Assured) by running them through a local proxy (JMeter, Burp, ZAP, etc.) to capture traffic, which can then drive security scanning, performance testing, and exploratory testing efforts.
Introduces WireMock for stubbing HTTP dependencies in isolated API testing, explaining Maven/JUnit setup and demonstrating how to define stubs for GET/POST requests matching URL, headers, and body, using Rest-Assured for client requests.
Explains how to automate Reflected Cross-Site Scripting (XSS) tests using Selenium, covering disabling Chrome's XSS auditor, implementing a Page Object for a vulnerable page (XSS Game Level 1), injecting a script payload, and asserting whether an alert appears.
Compares automated and manual testing in the security context, arguing that while automation (scanners, static analysis) is vital for CI/CD, manual pentesting is crucial for finding complex flaws and addressing social engineering risks, emphasizing their complementary nature.
Introduces OWASP Dependency Check for Continuous Security, explaining its integration into Maven projects, running checks, interpreting reports, handling false positives via suppression files, and integrating into CI pipelines with build failure conditions.