How to automate ZAP with BDD & Selenium?


Ankit Singhal

Apr 25, 2016, 9:17:49 AM
to OWASP ZAP Developer Group

My requirement: create a security testing framework using BDD (Cucumber) + Selenium + ZAP + Jenkins + Git.

Currently, in my organization, we are using ZAP as a manual security testing tool. I want to integrate it with my continuous integration & deployment pipeline so that we can automate the security testing process.

Could you provide me with some links / examples / a framework in which I can use ZAP with my regression testing suite?

Also, I am new to security testing. Could you let me know what scenarios can be covered as part of security testing so that I can automate them?

Note: Currently, we have a regression suite written in BDD (Cucumber) + Selenium + Scala + ScalaTest + Jenkins + Git.

If there is any other way, then let me know.

Stephen de Vries

Apr 25, 2016, 10:42:02 AM
to zaproxy...@googlegroups.com

Hi Ankit,

Such a framework already exists (I am one of the devs): https://github.com/continuumsecurity/bdd-security
On the cukesecure branch you’ll find the Cucumber version. It already comes with a number of pre-written features which you can modify and adjust to suit your own requirements. The basis of the framework is Cucumber + Selenium + ZAP + SSLyze (optional) + Nessus (optional) and it includes both non-functional and some functional tests.

The stable version of the cukesecure branch is only 1 day old and we haven’t got the documentation out yet, but you can expect it in the next week or two. There is a Google group for discussion and help: https://groups.google.com/forum/#!forum/bdd-security

regards,
Stephen



