[Esapi-user] Continuous Website/Web Services Testing?

Jeffrey Walton noloader at gmail.com
Sun Jul 14 04:39:54 UTC 2013


On Sun, Jul 14, 2013 at 12:26 AM, Christian Frichot
<christian.frichot at owasp.org> wrote:
> Hi Jeffrey,
>
> Depends on what sort of things you're looking to do
Thanks John and Christian. I was hoping for something along the lines
of AppScan or Fortify. In my mind, testing an application once a year
or two is a big opportunity for improvement. So I'd like to have the
test performed, suppressions and custom rules developed, and then
continuously test the web app. Why wait to read about your data breach
on PasteBin?

> potential avenues you can investigate:
>  - Sucuri.net - monitors for changes to DNS, SSL, blacklisting - plus, you
> can set it up to email you diffs if content changes.
>  - asafaweb.com - more ASP.NET focused, but, may do a little of what you're
> after?
>  - Spin up your own? Maybe investigate running something like
> http://jenkins-ci.org/ somewhere, tie it together with something like w3af.
>  - Hack up your own? If you know exactly what you're after, you may be able
> to 'bash' some cli apps together with cron on a *nix box somewhere.
Thanks. I'll look into these.

Jeff

> On Sun, Jul 14, 2013 at 9:43 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>>
>> Hi All,
>>
>> Is anyone aware of a tool that performs nightly tests of web apps like
>> continuous integration tests a build?
>>
>> The idea is to get a baseline and then look for adverse changes as the
>> dev team modifies functionality and adds pages.
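
Added example, not part of the original thread or any tool named in it: a minimal shell sketch of the "baseline, suppressions, then nightly comparison" idea, suitable for cron or a CI job. The `rule|url` findings format, the file names and the function names are assumptions; the scanner that produces the findings file is left out.

```shell
#!/bin/sh
# Nightly gate: report scanner findings that are neither in the accepted
# baseline nor suppressed. Assumed format (constructed for this example):
# one finding per line, "rule|url", exported from whatever scanner is used.

# new_findings BASELINE SUPPRESSIONS CURRENT
# Suppressions are exact finding lines; blank lines and "#" comments are ignored.
new_findings() (
    tmp=$(mktemp -d) || exit 2
    LC_ALL=C sort -u "$1" > "$tmp/base"
    LC_ALL=C sort -u "$3" > "$tmp/cur"
    # An empty pattern would match every line, so drop blanks and comments.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$2" > "$tmp/supp" || true
    # comm -13 keeps lines found only in tonight's run.
    LC_ALL=C comm -13 "$tmp/base" "$tmp/cur" > "$tmp/new"
    if [ -s "$tmp/supp" ]; then
        grep -v -x -F -f "$tmp/supp" "$tmp/new" || true
    else
        cat "$tmp/new"
    fi
    rm -rf "$tmp"
)

# gate BASELINE SUPPRESSIONS CURRENT
# Exits non-zero when anything new appears, so a cron or CI job can alert on it.
gate() (
    out=$(new_findings "$@") || exit 2
    [ -n "$out" ] || exit 0
    printf 'New findings since baseline:\n%s\n' "$out" >&2
    exit 1
)

# Constructed sample data: one suppressed finding, one genuinely new one.
demo() (
    d=$(mktemp -d) || exit 2
    printf '%s\n' 'xss|/search' 'missing-hsts|/' > "$d/baseline"
    printf '%s\n' '# accepted risk' 'missing-hsts|/legacy' > "$d/suppress"
    printf '%s\n' 'xss|/search' 'missing-hsts|/' 'missing-hsts|/legacy' \
        'sqli|/report' > "$d/tonight"
    new_findings "$d/baseline" "$d/suppress" "$d/tonight"
    rm -rf "$d"
)

case "${1:-}" in
    demo) demo ;;
    ?*)   gate "$@" ;;
esac
```

Suppressions match whole lines only (`grep -x -F`), so accepting one finding cannot silently hide others that share a prefix.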

