[Esapi-user] Continuous Website/Web Services Testing?
christian.frichot at owasp.org
Sun Jul 14 04:44:49 UTC 2013
Oh, have you investigated whitehat's sentinel ?
On Sun, Jul 14, 2013 at 12:39 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sun, Jul 14, 2013 at 12:26 AM, Christian Frichot
> <christian.frichot at owasp.org> wrote:
> > Hi Jeffrey,
> > Depends on what sort of things you're looking to do
> Thanks John and Christian. I was hoping for something along the lines
> of AppScan or Fortify. In my mind, testing an application once a year
> or two is a big opportunity for improvement. So I'd like to have the
> test performed, suppressions and custom rules developed, and then
> continuously test the web app. Why wait to read about your data breach
> on PasteBin?
> > potential avenues you can investigate:
> > - Sucuri.net - monitors for changes to DNS, SSL, blacklisting - plus,
> > can set it up to email you diffs if content changes.
> > - asafaweb.com - more ASP.NET focused, but, may do a little of what
> > after?
> > - Spin up your own? Maybe investigate running something like
> > http://jenkins-ci.org/ somewhere, tie it together with something like
> > - Hack up your own? If you know exactly what you're after, you may be
> > to 'bash' some cli apps together with cron on a *nix box somewhere.
> Thanks. I'll look into these.
> > On Sun, Jul 14, 2013 at 9:43 AM, Jeffrey Walton <noloader at gmail.com>
> >> Hi All,
> >> Is anyone aware of a tool that performs nightly tests of web apps like
> >> a continuous integration tests a build?
> >> The idea is to get a baseline and then look for adverse changes as the
> >> dev team modifies functionality and adds pages.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user