Hackers of India

Pentesting without Pentesters - Automating Security Testing with Functional Testing Test Cases

Ankita Gupta, Lavakumar Kuppan

2014/02/14


Abstract

Many software development companies don’t have penetration testing teams, but they mostly have functional testing teams, or the development teams perform functional testing. An important part of functional testing is the automated test cases written for Selenium, Sahi, Silk Test or any other functional testing platform. These test cases cover almost all the features of the application and all the workflows. In this talk I will explain how a new scanning technology makes it possible to use the existing functional test cases and produce security findings in a language that developers can understand and work on. This technology will be implemented in the open source web security scanner IronWASP, and we will be releasing companion libraries that enable using this technology from your test cases, irrespective of the language they are written in.

If you are a startup or an SME that does not have the budget for a dedicated security team, or if you are a big company that wants to find its security bugs earlier in the development cycle, then don’t miss this talk. If you are a penetration tester and want to find out how the future of web security testing will look, then come with an open mind; you will learn a lot.