Simon,
I am using the ZAP UI (tool) to see vulnerabilities. In my application there are almost 50 pages.
#1. I have configured ZAP as a proxy and am executing a Selenium automation script, so ZAP is doing its job (crawling all the URLs) in parallel. Actually, I am running the Selenium automation script module-wise, and then I am selecting URLs one by one and doing an active scan, fuzzing with FuzzDB, etc., then generating the reports.
Here my question is: am I doing this in the correct way? And what more can I do to find vulnerabilities?
On the other hand, I have downloaded the BDD-Security-Framework from Git.
I have implemented the ILogin interface and modified the needed files like config.xml etc., so I am able to run the Authentication Session_management feature files through JUnit, Cucumber Feature and Gradle.
Here my confusion is: if I relate this framework to my point #1 (ZAP UI (tool)), how can I run my Selenium automation script module-wise and use the BDD-Security framework?
I think it's a silly question, but if you can give your valuable input on this, it will help me a lot.
Please let me know if I am not clear!
Thanks
Ravi Kant