Oktaliem / WebSecurityScanningSample

This repository is dedicated to the Indonesia Software Quality Assurance members for online learning material.

Home Page:http://www.isqa.club/


ZAP Security Scanning Life cycle

Workflow-1

Spider --> Spider with AJAX --> Active Scan --> Alerts --> HTML Report

Workflow-2

Spider --> Spider with AJAX --> Passive Scan --> Alerts --> HTML Report

In both workflows the two spiders only discover URLs (the AJAX spider drives a browser and so also finds links generated by JavaScript). The passive scanner inspects every request and response that passes through ZAP, including the spider traffic, without sending anything extra, so Workflow-2 never attacks the target. The active scanner in Workflow-1 sends attack payloads (SQL injection, XSS, path traversal and so on) to every discovered parameter, so it must only be pointed at an application you own or are authorised to test, such as the DVWA container below.

Precondition (prepare test environment)

  1. Application Under Test: Damn Vulnerable Web Application (DVWA) in Docker
$ docker run --rm -it -p 3000:80 vulnerables/web-dvwa
     DVWA is then reachable at http://localhost:3000. Before scanning, open http://localhost:3000/setup.php and click "Create / Reset Database" once; until then most pages only return a database error and the scanner has nothing to find. The default login is admin / password.
  2. Open OWASP ZAP Proxy Desktop (Ubuntu)
$ zap.sh
     Keep ZAP running for the whole scan: the Maven tests below drive it through its REST API (by default on http://localhost:8080). If an API key is set under Tools > Options > API, the test code must supply the same key.

Run Automated Security Scanning

Workflow-1 (Active Scan with or without Authentication)

$ mvn clean test -Dtest=SecurityTest#activeScanWithoutAuthentication
$ mvn clean test -Dtest=SecurityTest#activeScanWithAuthentication

Workflow-2 (Passive Scan with or without Authentication)

$ mvn clean test -Dtest=SecurityTest#passiveScanWithoutAuthentication
$ mvn clean test -Dtest=SecurityTest#passiveScanWithAuthentication
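The following is an added example of the unauthenticated life cycle above (Workflow-1, with the passive-scan wait that closes Workflow-2) written against the ZAP Java client (`org.zaproxy:zap-clientapi`, 1.x method signatures assumed). It is not the repository's own `SecurityTest` code. It assumes ZAP is listening on localhost:8080 and DVWA on localhost:3000 as in the precondition, and that the API key is passed as the system property `zap.apikey` (a name chosen here for illustration).

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;

/** Drives ZAP through Spider -> AJAX Spider -> (Passive Scan) -> Active Scan -> Alerts -> HTML Report. */
public class ZapWorkflowExample {

    // Assumed deployment (from the README precondition): ZAP on 8080, DVWA on 3000.
    private static final String ZAP_HOST = "localhost";
    private static final int ZAP_PORT = 8080;
    // Hypothetical property name; must match the key configured in ZAP (Tools > Options > API).
    private static final String API_KEY = System.getProperty("zap.apikey", "changeme");
    private static final String TARGET = "http://localhost:3000/";

    public static void main(String[] args) throws Exception {
        ClientApi api = new ClientApi(ZAP_HOST, ZAP_PORT, API_KEY);

        // 1. Classic spider: follows links and forms; the action returns a scan id to poll.
        String spiderId = value(api.spider.scan(TARGET, null, null, null, null));
        while (Integer.parseInt(value(api.spider.status(spiderId))) < 100) {
            Thread.sleep(1000);
        }

        // 2. AJAX spider: drives a browser to reach DOM-generated links the classic spider misses.
        //    It has no scan id; status() reports "running" until it finishes.
        api.ajaxSpider.scan(TARGET, null, null, null);
        while ("running".equals(value(api.ajaxSpider.status()))) {
            Thread.sleep(1000);
        }

        // Workflow-2 ends here: the passive scanner already examined every proxied response.
        // Drain its queue before reading alerts, otherwise late findings are missed.
        while (Integer.parseInt(value(api.pscan.recordsToScan())) > 0) {
            Thread.sleep(500);
        }

        // 3. Active scan (Workflow-1 only): sends attack payloads, so only against apps you own.
        //    recurse=true scans the whole subtree, inScopeOnly=false since no context is defined.
        String ascanId = value(api.ascan.scan(TARGET, "true", "false", null, null, null));
        while (Integer.parseInt(value(api.ascan.status(ascanId))) < 100) {
            Thread.sleep(2000);
        }

        // 4. Alerts: count what was raised for the target (null riskid = all risk levels).
        int alerts = Integer.parseInt(value(api.alert.numberOfAlerts(TARGET, null)));
        System.out.println("Alerts raised for " + TARGET + ": " + alerts);

        // 5. HTML report, written next to the working directory.
        byte[] report = api.core.htmlreport();
        Files.write(Paths.get("zap-report.html"), report);
        System.out.println("Report written to zap-report.html");
    }

    // Every ZAP action/view used here returns a single ApiResponseElement; unwrap its value.
    private static String value(ApiResponse resp) {
        return ((ApiResponseElement) resp).getValue();
    }
}
```

For a headless run the desktop step can be replaced by `zap.sh -daemon -port 8080 -config api.key=changeme`, which starts ZAP without the UI and sets the API key the example expects. The authenticated variants in the Maven commands above additionally need a ZAP context with form-based authentication for DVWA's `login.php` and a ZAP user, which are then passed to `spider.scanAsUser` and `ascan.scanAsUser` instead of the calls shown here.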

Demo on YouTube (Ubuntu)

CLICK HERE
