ABSTRACT

Test automation has reached web application development. Testing software for security vulnerabilities has become common and indispensable, and so, therefore, has the automation of security tests. When security testing is done during software development and/or after releasing new features of a software program, it is — if at all — carried out by a small set of security specialists. This chapter serves as a guideline for integrating security testing into the software development life cycle (SDLC). It introduces testing and test automation from a security perspective. Testing in iterative and agile development models is presented, with a focus on integrating automated security tests into the continuous build and integration process. The purpose of web application security testing is to find any security weaknesses or vulnerabilities within an application and its environment, to document those vulnerabilities, and to explain how to fix them.