Category Archives: Security Test Automation

Agile Security & SecDevOps Touch Points

Agile software development has gotten more and more attention in the last couple of years. Not only internet startups or media agencies but also large companies from conservative business lines like automotive, banking, insurance and public sector more and more … Continue reading

Posted in DAST, IAST, Java, SAST, Secure SDLC, Security Test Automation | 3 Comments

Automating DAST Scans with Jenkins, Arachni & ThreadFix

I’m often asked how security tests can be automated with non-commercial tools, e.g. triggered by a Jenkins build. Therefore I decided to write this post, to give you a bit of understanding which tools you can use and what you … Continue reading

Posted in DAST, Java, Security Test Automation, Uncategorized | Tagged , , , | 4 Comments

IAST: A New Approach for Agile Security Testing

Static Application Security Testing (SAST) tools such as Fortify, Veracode, Checkmarx or IBM App Scan Source Edition have been available on the market now for a while. All of them have their specific pros and cons. But there are certain … Continue reading

Posted in IAST, SAST, Security Test Automation | 2 Comments

Gartner’s Magic Quadrant for Application Security Testing 2014

One publication that usually became a lot of attention in the application security market is of course Gartner’s magic quadrant. A new one for Application Security Testing (that is confusingly abbreviated with “AST”, a term that in software anylysis usually … Continue reading

Posted in DAST, SAST, Security Test Automation | Tagged , , | Leave a comment

Automatic Testing for Security Headers

Today, performing unit tests has become a standard in many development teams for automatically performing various tests on code (e.g. as a compulsory part of the build process). Especially in agile development, the existence, completeness and quality of such tests … Continue reading

Posted in Java, Security Test Automation | Tagged , , , , | Leave a comment