In this chapter, we will use three case studies to learn different security automation techniques for use against the vulnerable NodeGoat site. The first case is to automate OWASP ZAP by using the ZAP-CLI, which will help identify any initial security issues on the website before authentication. In the second case, we will be using selenium to do the user sign-in, in order to access some authenticated pages and identify more potential security issues. In the final case, we will use JMeter to do the sign-in with external CSV data and detect potential command injection security issues.
The topics that will be covered in this chapter are as follows:
- Web security automation testing with OWASP ZAP using the CLI
- Web security automation testing with ZAP and Selenium
- Web security testing with ZAP, JMeter, and DDT with FuzzDB