IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [automated-testing]

Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions. Commonly, test automation involves automating a manual process already in place that uses a formalized testing process (wikipedia.org).

As per wikipedia.org:

Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions. Commonly, test automation involves automating a manual process already in place that uses a formalized testing process.

The principle of automated testing is that there is a program (which could be a job stream) that runs the program being tested, feeding it the proper input, and checking the output against the output that was expected. Once the test suite is written, no human intervention is needed, either to run the program or to look to see if it worked; the test suite does all that, and somehow indicates whether the program's output was as expected.

Test Automation also has dedicated section in Software QA & Testing community.

73 questions
1
vote
0 answers

Firewall rulebase analysis offline/vendor agnostic a thing for FISMA/NIST

During design-time before a build-out, I currently create an excel file version of a firewall rulebase (policy) representing source/target/port/protocol/etc definitions before being pushed to the vendor-specific firewall devices. Question: Is there…
dhartford
  • 131
  • 3
1
vote
2 answers

What phases does a network penetration test consist of?

What are common phases of a network infrastructure penetration test? Staring with discovering IP's and ports? A simple vulnerability assessment, checking version information of banners from different services on different ports against CVE(-like)…
Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
1
vote
2 answers

Assuming existence of sufficient number of benign inputs?

I have come across multiple machine learning based security solutions that train their detectors/models using "benign" inputs. The assumption is that the operator has access to sufficiently exhaustive benign inputs (benign inputs that provide…
MEE
  • 113
  • 4
0
votes
1 answer

How to change the expiration time for the pkcs certificate?

I have an application (which I'm testing), in which I create some services. These services are accessible via libraries i.e java and python apis. In order to authenticate the api calls, the application does gives me pkcs file. I want to change the…
Ant's
  • 101
  • 2
0
votes
1 answer

Looking for Wepawet-like open source alternative

Is there any open source alternative to Wepawet ? I need to study techniques of JavaScript malware detection.
user45139
0
votes
1 answer

Automating tests for XSS in bash?

The book:"Web Security Testing Cookbook By Paco Hope, Ben Walther" is the only source I could find which covers the topic. They use cURL. I just want to write some scripts to automate testing for xss. I'm just gonna run it on a site like…
dickolopicks
  • 11
  • 2
0
votes
0 answers

Appscan not scanning vb files

I was doing SAST of a .NET application (.aspx and .vb) using Appscan source for analysis. I can scan aspx files but I am not able to scan .vb files in Appscan. How do you scan .vb files?
suraj vishwakarma
  • 1
0
votes
0 answers

What type of breach is occurring with Puppeteer.js on this Azure hosted webapp? (Snapshot provided)

When running the screenshot.js on https://try-puppeteer.appspot.com/, a web based Puppeteer.js I the image produced was of a gaming/gambling website, not my website at all! My site was https://puppet.azurewebsites.net/custEvntSingle.html now…
Stephan Luis
  • 101
  • 1
0
votes
1 answer

QR Code Security Testing

Within the scope of a project for my client, I test the existing site and the project for security vulnerabilities using OWASP ZAP. The client uses invitations with QR Codes and QR Codes to login to his project. How can I test QR Codes on security…
Mornon
  • 131
  • 6
0
votes
1 answer

How to check/test security issues of freeware?

My company is implementing software whitelisting processes. There are bunches of freeware needing security testing. Actually, it just requires a preliminary evaluation rather than a deep analysis. How can we assess the security of freeware?
sanba06c
  • 103
  • 9
0
votes
1 answer

Adding Floating point operations to fuzzing?

During analysing a software testing paper I read We plan to add floating-point operations in order to extend fuzz testing capability. What kind of benefits I can expect from adding floating point operations to fuzzing techniques? What are the…
Ali
  • 31
  • 3
-1
votes
1 answer

Can I perform a local test for DNS leaking?

I want to test that the connection from my local machine to my VPN is set up correctly, specifically that I do not have DNS leaks. I am aware of web-based tools like dnsleaktest.com but they aren't suitable for repeated and/or scripted testing. Is…
lofidevops
  • 3,550
  • 6
  • 23
  • 32
-3
votes
1 answer

How am I supposed to check Defender's capability when it trusts me blindly after I mark a test malware file as "allowed"?

With enormous amounts of fighting with Windows/Microsoft Defender, I finally managed to download the "test virus" file from https://www.ikarussecurity.com/en/private-customers/download-test-viruses/ onto my desktop. However, Defender (on the command…
K. Hodgens
  • 1
1 2 3 4
5