Comprehensive guide to securing your Playwright MCP test automation, covering authentication handling, credential management, secure test data practices, and protecting against common security vulnerabilities in automated testing.

Focuses on security regression testing, explaining how to add automated tests for security bugs found in production using OWASP Juice Shop and Spring Rest Template, with examples for specific vulnerabilities.

Encourages testers to engage in continuous security, suggesting starting points like OWASP ZAP scans and demonstrating how to write simple API tests with Rest-Assured to verify security headers.

Introduces OWASP ZAP for continuous security scanning, detailing setup as a proxy for Selenium traffic and using its Java API to trigger spidering, passive, and active scans, concluding with report generation and assertion.

Introduces Find Security Bugs, a static analysis tool for Java security vulnerabilities, explaining Maven integration, configuration, and execution for CI or manual verification, demonstrated with OWASP WebGoat.

Explains how to leverage existing automated functional tests (Selenium, Rest-Assured) by running them through a local proxy (JMeter, Burp, ZAP, etc.) to capture traffic, which can then drive security scanning, performance testing, and exploratory testing efforts.

Introduces WireMock for stubbing HTTP dependencies in isolated API testing, explaining Maven/JUnit setup and demonstrating how to define stubs for GET/POST requests matching URL, headers, and body, using Rest-Assured for client requests.

Explains how to automate Reflected Cross-Site Scripting (XSS) tests using Selenium, covering disabling Chrome's XSS auditor, implementing a Page Object for a vulnerable page (XSS Game Level 1), injecting a script payload, and asserting whether an alert appears.

Compares automated and manual testing in the security context, arguing that while automation (scanners, static analysis) is vital for CI/CD, manual pentesting is crucial for finding complex flaws and addressing social engineering risks, emphasizing their complementary nature.

Introduces OWASP Dependency Check for Continuous Security, explaining its integration into Maven projects, running checks, interpreting reports, handling false positives via suppression files, and integrating into CI pipelines with build failure conditions.