Get full access to Hands-On Security in DevOps and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Web automation testing tips

Simply install and launch OWASP ZAP. Active and passive scanning can only give us a preliminary testing result for public web services. The following table contains some suggested tips to improve the testing efficiency and effectiveness for uses of web automation testing tools, such as ZAP or Arachni:

Testing tips

Description

Integration

To do automated integration, try to understand that the web security tools provide the following:

Headless execution mode
Command-line interface
REST API
Jenkins plugin (this may be optional as long as one of te preceding tools is provided)

For example, the OWASP ZAP (https://github.com/Grunny/zap-cli/) provides the ZAP CLI interface, which also helps make the integration ...

Get Hands-On Security in DevOps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now