[Esapi-user] Continuous Website/Web Services Testing?

Dan Cornell dan at denimgroup.com
Sun Jul 14 15:49:19 UTC 2013


>Is anyone aware of a tool that performs nightly tests of web apps like
>a continuous integration tests a build?
>
>The idea is to get a baseline and then look for adverse changes as the
>dev team modifies functionality and adds pages.


We're rolling that capability into ThreadFix
(https://code.google.com/p/threadfix/). Check out the 2.0 branch
(https://code.google.com/p/threadfix/source/browse/?name=2.0). Currently we
have an OWASP ZAP scan agent (initial working version should be checked in
later today, actually) and we'll be adding AppScan, Brakeman, Fortify, etc.
shortly. Basically what it lets you do is store the configuration for a
scan (login, etc) and queue up those scans whenever you like - after a
fresh build, on a schedule, and so on. All free/open source under a
Mozilla license. If that's what you're looking for, email me off-list and
I can provide some more info.

Thanks,

Dan
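
Added example, not part of the message above and not ThreadFix code: one way to do the baseline comparison the question asks about, diffing a nightly scan's findings against a stored baseline and failing the build on new or escalated issues. The finding fields (rule, url, param, severity), the rule names and the sample data are assumptions constructed for illustration; map them from whatever your scanner exports.

```python
"""Compare a nightly scan against a stored baseline (constructed sample data)."""
from urllib.parse import urlsplit

SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3}

def fingerprint(finding):
    """Stable identity for a finding: (rule, path, parameter).
    Host and query values are dropped so the same issue matches across
    builds and environments instead of showing up as 'new' every night."""
    path = urlsplit(finding["url"]).path.rstrip("/") or "/"
    return (finding["rule"], path, finding.get("param", ""))

def index(findings):
    """Map fingerprint -> highest severity seen, collapsing duplicates."""
    out = {}
    for f in findings:
        key = fingerprint(f)
        out[key] = max(out.get(key, 0), SEVERITY[f["severity"]])
    return out

def compare(baseline, nightly, fail_at="medium"):
    """Return (new, resolved, escalated, failed) relative to the baseline."""
    old, cur = index(baseline), index(nightly)
    new = sorted(k for k in cur if k not in old)
    resolved = sorted(k for k in old if k not in cur)
    escalated = sorted(k for k in cur if k in old and cur[k] > old[k])
    # Only adverse changes at or above the threshold break the build.
    failed = any(cur[k] >= SEVERITY[fail_at] for k in new + escalated)
    return new, resolved, escalated, failed

# Constructed sample findings, not output from any real scanner.
BASELINE = [
    {"rule": "xss-reflected", "url": "https://test.example/search?q=a", "param": "q", "severity": "medium"},
    {"rule": "cookie-no-httponly", "url": "https://test.example/", "param": "", "severity": "low"},
]
NIGHTLY = [
    {"rule": "xss-reflected", "url": "https://staging.example/search?q=zz", "param": "q", "severity": "high"},
    {"rule": "sql-injection", "url": "https://staging.example/report/", "param": "id", "severity": "high"},
    {"rule": "sql-injection", "url": "https://staging.example/report?id=2", "param": "id", "severity": "high"},
]

if __name__ == "__main__":
    new, resolved, escalated, failed = compare(BASELINE, NIGHTLY)
    print("new:", new, "resolved:", resolved, "escalated:", escalated)
    raise SystemExit(1 if failed else 0)  # non-zero exit fails the CI job
```

Resolved findings are reported but never fail the run, so the stored baseline can be replaced with the nightly result once the team has triaged the changes.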
