Questions tagged [automated-testing]

Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions. Commonly, test automation involves automating a manual process already in place that uses a formalized testing process (wikipedia.org).

The principle of automated testing is that there is a program (which could be a job stream) that runs the program being tested, feeding it the proper input, and checking the output against the output that was expected. Once the test suite is written, no human intervention is needed, either to run the program or to look to see if it worked; the test suite does all that, and somehow indicates whether the program's output was as expected.

Test automation also has a dedicated section in the Software QA & Testing community.

73 questions
How can security audits be integrated into an agile project?

If we give a security auditing company a working system, and ask them to audit it, and only do that once during a project because it's expensive, this is basically waterfall. How can security auditing be integrated into an agile project without…

Robin Green · 29 votes · 6 answers
What are some good website security scanning solutions?

What are some good web-based website security scanning solutions? I'm not too concerned if they are web-based solutions, or software that can be run locally. Generally, I'm looking for something we can run to provide to clients some sort of…

29 votes · 7 answers
Tools to test for BEAST/CRIME that AREN'T Internet-based?

We have increasing pressure to identify and remediate any HTTPS server configurations that are vulnerable to BEAST (CBC) and CRIME (compression). We need to fix servers that are accessible to the Internet at large, servers that are only accessible…

gowenfawr · 19 votes · 1 answer
Is there a tool to rate browser TLS/SSL configuration?

I am looking for a tool to rate the configuration of SSL/TLS settings in the browser. I have found a few sites that enumerate supported ciphers and the preferences but none of them seem to provide judgement for what should be enabled and what should…

dfc · 18 votes · 4 answers
Automated tools vs. Manual reviews

What are the advantages of using automated tools, as opposed to manual review? What are the disadvantages? This applies both to external blackbox vulnerability scanning, and to static code analysis. From the original Area51 proposal.

AviD · 18 votes · 6 answers
Legitimately using tools like Havij

I'm a developer, not a security guru. My primary focus is ensuring that I'm not introducing security holes through bad programming. I understand how to code to protect against the OWASP Top 10, as well as other vulnerabilities, but I know enough…

David Stratton · 15 votes · 4 answers
Is external vuln scanning sufficient?

Is running an automated application vulnerability scanner sufficient to certify our application is secure? Why isn't it? From the original Area51 proposal.

AviD · 14 votes · 4 answers
How to perform a proper DDoS test in a safe and controlled way?

What is the proper and safe way to perform a DDoS test without crashing the whole infrastructure? What different types of DDoS attacks are there and what things should be considered when performing such a test? Also, where can you rent a "botnet" or a…

Bob Ortiz · 13 votes · 4 answers
Did DARPA's Cyber Grand Challenge winner actually discover previously unknown vulnerabilities?

DARPA announced a winner on August 4, 2016 of its Cyber Grand Challenge. The contest was described as designed to accelerate the development of advanced, autonomous systems that can detect, evaluate, and patch software…

Dalton Bentley · 11 votes · 1 answer
Security scan result - Server leaks inodes via ETags

After an automated scan of my web application I have the result that "Server leaks inodes via ETags, header found with file /icons/README, fields: 0x16a4 0x438c0000000". I've read about ETags but I don't see any security risk related to this. INode…

user187205 · 10 votes · 1 answer
Websites that interactively test browser security (XSS, CSRF, Javascript, etc)

I'm looking for a comprehensive list of browser test sites so that I can visually prove that the browser is patched and configured for safe web browsing. My intent is to know what risks may exist prior to using the browser. (as I may be using a…

makerofthings7 · 9 votes · 2 answers
How many iterations of fuzzing is enough?

Fuzzing is a convenient, relatively low-cost way to detect some kinds of vulnerabilities, particularly in C/C++ code. My question: How much fuzzing is enough? Are there any standards or best practices? Example: Microsoft's SDL requires that…

D.W. · 9 votes · 1 answer
How to mitigate the risk of a continuous integration service security breach?

We are using a Continuous Integration service to automatically run our product test suite. Every time we push code to our central Git repository production branch, the CI service is notified and fetches the code to run the test suite. The CI…

8 votes · 2 answers
Continuous SQL injection testing

We have a set of internal Python/Django web applications that are pretty well tested functionality-wise, but from time to time we do discover vulnerabilities and, specifically, places where SQL and other types of injections may happen. Currently,…

alecxe · 8 votes · 3 answers
Security testing plan template or example

What does a security testing plan look like? Can anyone point out a template for such a document or an example?

smiley · 8 votes · 6 answers