硒 & InsightAppSec

Enhance App Security Through QA Automation

Application development teams are moving faster than ever. This acceleration is aided by modern web frameworks, CI/CD (Continuous Integration/Continuous Delivery) platforms, 和 automated 测试ing that enable teams to build, 测试, 和 iterate in a fraction of the time it took before these technologies existed. One of these tools widely adopted by agile software development teams is 硒. 硒 automates unit 测试s of specific web application functionalities in a browser; this saves development teams from the repetitive, manual 测试ing that has historically been required to ensure new code doesn’t break new features.

But the benefits of 测试 automation don’t have to be exclusive to developers: By integrating Rapid7 InsightAppSec 或AppSpider, our dynamic application security 测试ing (DAST) solutions, 与硒, you can leverage the automated functional unit 测试s created by QA teams to maximize security 测试 coverage of an application. This expedites the identification 和 remediation of security bugs, 和 reduces the likelihood of missed vulnerabilities.

它是如何工作的

InsightAppSec* integrates 与硒 to automate authentication into 和 crawling of applications with a login screen. First, upload a 硒 script (.方或 .html) of the login sequence into your InsightAppSec scan configuration. When InsightAppSec encounters a login page, it will execute the 硒 script in an embedded 硒 engine to automate authentication, thus allowing the DAST scan to proceed in areas of the application guarded by the login screen.

图1: InsightAppSec executes a 硒 script to facilitate an authenticated scan of the target web application. The embedded 硒 engine enables InsightAppSec to use the same script used in functional unit 测试s.

*Any mentions of Rapid7 InsightAppSec as they pertain to its integration 与硒 also 应用 to Rapid7 AppSpider.