4. About me
Software Developer and Security Evangelist at Soluto
26 years old
Writing code for the last 8 years
@omerlh: Github/Twitter
http://goo.gl/sphN9w
8. ZAP - Zed Attack Proxy
“The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools”
API/cli
Active Scan Mode (spider)
Passive Scan Mode
10. Webdriver.io
“WebdriverIO lets you control a browser or a mobile application with just a few lines of code.”
Simple Selenium binding for JS
Very popular framework for automation testing
12. Docker
“Docker is the world’s leading software container platform”
“Using containers, everything required to make a piece of software run is packaged into isolated containers”
18. Comparison with Zap Active Scan
Better coverage of the tested app
Take advantage of existing tests
No additional setup - baseline scan
Mixed tests types - automation and security
19. Future Plans
Alerts processing - see this issue
Use Jenkins plugin? (we are using TeamCity)
Dedicated security tests
Integrate Active Scan (XSS Dom plugin)
SSL/HSTS
Mobile/Certificate pinning override
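The wiring the comparison slide relies on (existing WebdriverIO tests driving traffic through ZAP's passive scanner) plus the "alerts processing" step from the future plans, as an added example that is not code from the talk or from Soluto: a WebdriverIO proxy capability pointing at ZAP, and a helper that turns ZAP's alert list into a pass/fail gate. It assumes ZAP listens on 127.0.0.1:8080 with an API key configured, and the sample ZAP response is constructed.

```javascript
// Added example (not from the talk). Assumptions: ZAP listens on 127.0.0.1:8080
// (its default) with an API key set; endpoint paths are ZAP's JSON API.
const ZAP_HOST = '127.0.0.1';
const ZAP_PORT = 8080;

// WebdriverIO capability that sends the browser through ZAP as a manual proxy
// (standard W3C "proxy" capability; HTTP and HTTPS both go through ZAP, so the
// passive scanner sees every request the existing automation tests make).
function zapProxyCapability(host = ZAP_HOST, port = ZAP_PORT) {
  const addr = `${host}:${port}`;
  return { proxyType: 'manual', httpProxy: addr, sslProxy: addr };
}

const RISK_ORDER = { Informational: 0, Low: 1, Medium: 2, High: 3 };

// Reduce ZAP's /JSON/core/view/alerts/ response to counts per risk level and
// the list of alerts at or above a threshold, so the test run can fail on them.
function summarizeAlerts(zapAlertsResponse, failAt = 'Medium') {
  const counts = { Informational: 0, Low: 0, Medium: 0, High: 0 };
  const failing = [];
  for (const a of zapAlertsResponse.alerts || []) {
    const risk = a.risk in RISK_ORDER ? a.risk : 'Informational';
    counts[risk] += 1;
    if (RISK_ORDER[risk] >= RISK_ORDER[failAt]) {
      failing.push({ name: a.alert, risk, url: a.url });
    }
  }
  return { counts, failing, shouldFail: failing.length > 0 };
}

// Fetch the alerts ZAP recorded for the app under test (Node 18+ global fetch).
async function fetchZapAlerts(baseurl, apiKey, host = ZAP_HOST, port = ZAP_PORT) {
  const url = `http://${host}:${port}/JSON/core/view/alerts/?baseurl=${encodeURIComponent(baseurl)}`;
  const res = await fetch(url, { headers: { 'X-ZAP-API-Key': apiKey } });
  if (!res.ok) throw new Error(`ZAP API returned ${res.status}`);
  return res.json();
}

// Constructed sample of the shape ZAP returns, for running the gate offline.
const SAMPLE_ZAP_RESPONSE = {
  alerts: [
    { alert: 'Content Security Policy (CSP) Header Not Set', risk: 'Medium', url: 'http://app.test/' },
    { alert: 'X-Content-Type-Options Header Missing', risk: 'Low', url: 'http://app.test/login' },
    { alert: 'Re-examine Cache-control Directives', risk: 'Informational', url: 'http://app.test/' },
  ],
};
```

In a WebdriverIO config the capability goes under `capabilities[].proxy`, and an `after` hook can call `fetchZapAlerts` and throw when `summarizeAlerts(...).shouldFail` is true.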