File:OWASP London 14-Jan-2009 Penetration Testing with Selenium-Yiannis Pavlosoglou v2.pdf

From OWASP
Revision as of 07:59, 15 January 2010 by Yiannis (Talk | contribs)

Penetration Testing with Selenium:

Selenium is a web application testing framework often used for unit testing and functional testing during the later parts of web application development. This presentation examines how this tool, in particular the Selenium IDE, can be used for creating security unit tests. By emulating a systematic logon, logoff or browse to a particular location, web application penetration tests can be performed using Selenium. Furthermore, fuzzing payloads can be scripted as inputs for security tests. As a result, tests that depend on holding state, or on having valid authentication credentials in order to test a particular input for, say, Cross Site Scripting (XSS) or SQL Injection, can be performed in a much shorter time. This presentation will take the audience through the process of setting up, scripting and running Selenium against a vulnerable web application. Its aim is to relay back one successful approach that has been used in the field in order to discover vulnerabilities through stateful fuzzing.

File history

Date/Time: current, 07:59, 15 January 2010
Dimensions: (1.26 MB)
User: Yiannis (Talk | contribs)
Comment: Penetration Testing with Selenium: Selenium is a web application testing framework often used for unit testing and functional testing during the later parts of web application development. This presentation examines how this tool, in particular the Selen