Penetration testing is one of those things that people don't often think about while they are building a product. It's usually seen as a phase of testing that is performed by a third party who has expertise in that area once a release has passed normal testing.
The problem with this view is that fixing security problems at this point may well be very expensive and requires large amounts of refactoring, or even rewrites. Wouldn't it be good if we could do as much penetration testing as possible in the early development phases? This would give us a fast feedback loop that would allow us to make changes earlier in the development life cycle at a greatly reduced cost.
Selenium does not have any penetration testing functionality built in, but we can use other tools to supplement it. One excellent tool that can work well with Selenium...
