In this case, for the security testing of the NodeGoat sign-in, we will use a Selenium script to automate the UI steps listed below, while OWASP ZAP runs in proxy mode to monitor and analyze all security issues based on the HTTP requests and responses. We will sign in with a valid username and password, then visit every authenticated page without any further data input or updates. The purpose of this test is a security smoke test of every authenticated page.
Here are the UI steps automated by Selenium:
- Visit the sign-in page: http://nodegoat.herokuapp.com/login
- Sign in with username = user1 and password = User1_123
- Visit the contributions page after sign-in
- Visit the allocation page
- Visit the memos page
- Visit the profile page
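The Selenium flow above, written as an added example (not code from the original page or from the NodeGoat project). It assumes ZAP is listening on 127.0.0.1:8080, that the page paths match NodeGoat's default routes, and that the login form fields are named "userName" and "password"; check these against the deployed instance.

```python
"""Selenium smoke test of NodeGoat's authenticated pages, driven through OWASP ZAP.
Added example, not code from the original page or the NodeGoat project. Assumptions:
ZAP listens on 127.0.0.1:8080, the paths below are NodeGoat's default routes, and
the login form fields are named "userName" and "password".
"""
from urllib.parse import urljoin

BASE_URL = "http://nodegoat.herokuapp.com/"
ZAP_PROXY = "127.0.0.1:8080"  # assumed ZAP listen address
USERNAME, PASSWORD = "user1", "User1_123"
# Authenticated pages visited after sign-in (assumed paths; the user id in the
# allocations route is a placeholder that must match the signed-in user).
AUTHENTICATED_PATHS = ["/contributions", "/allocations/2", "/memos", "/profile"]


def authenticated_urls(base_url=BASE_URL, paths=AUTHENTICATED_PATHS):
    """Absolute URLs the smoke test visits, in order."""
    return [urljoin(base_url, path) for path in paths]


def proxy_argument(proxy=ZAP_PROXY):
    """Chrome flag that sends all browser traffic through the ZAP proxy."""
    return f"--proxy-server=http://{proxy}"


def run_smoke_test(base_url=BASE_URL, proxy=ZAP_PROXY):
    """Sign in, then GET each authenticated page so ZAP records the traffic."""
    from selenium import webdriver  # imported here so the helpers above
    from selenium.webdriver.common.by import By  # work without Selenium installed

    options = webdriver.ChromeOptions()
    options.add_argument(proxy_argument(proxy))
    options.add_argument("--ignore-certificate-errors")  # ZAP re-signs TLS traffic
    driver = webdriver.Chrome(options=options)
    visited = []
    try:
        driver.get(urljoin(base_url, "/login"))
        driver.find_element(By.NAME, "userName").send_keys(USERNAME)
        password_field = driver.find_element(By.NAME, "password")
        password_field.send_keys(PASSWORD)
        password_field.submit()  # submits the enclosing login form
        if "/login" in driver.current_url:  # fail loudly instead of smoke-testing the login page
            raise RuntimeError("sign-in failed: check credentials and form field names")
        for url in authenticated_urls(base_url):
            driver.get(url)  # plain GET: no data input or updates
            visited.append((url, driver.title))
    finally:
        driver.quit()
    return visited
```

Call run_smoke_test() with ZAP already running; the returned (url, title) pairs confirm each page actually rendered, while ZAP's history keeps the proxied traffic for its passive scan results.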
Follow these instructions to proceed with the testing.