Selenium – Automated security testing using Selenium


I am trying to figure out scenarios for different web application security testing approaches with Selenium WebDriver. I am aware of XSS and SQL injection but have not tried executing such tests with Selenium. Although Selenium is supposed to be used as a UI functional test automation tool, I feel that we can use it to test some security aspects of a website too.

My questions are:
1. Has anyone worked on automated security testing of web apps using Selenium? Can you please share your experiences or ways you achieved it using Selenium?
2. What security testing could I perform from the web UI using Selenium as my tool?

Best Solution

Automated or manual security testing using OWASP-ZAP involves the 3 steps below:
1. Enabling ZAP - ZAP will do XSS & SQL injections
2. Kick off regression tests (any UI automation tool you would like, say Selenium, Nightwatch.js, Protractor etc.). Explore the AUT (application under test) as much as possible so that ZAP can proxy all the URLs.
3. Run the ZAP Python script, which will capture the result/report

Please go through the GitHub URL below. I have implemented automated security tests using OWASP-ZAP and Nightwatch.js. The same can be done with Selenium. Please go through Readme.doc.

regards, Amit
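
The three steps in the answer above, sketched in Python with Selenium as an added example; this is not code from the answer or from the repository it refers to. It assumes a ZAP instance listening on 127.0.0.1:8080 with its API enabled; the function names, the `app.test` URLs and the sample alerts are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

ZAP_PROXY = "127.0.0.1:8080"  # assumption: local ZAP listener (step 1)
RISK_ORDER = ["Informational", "Low", "Medium", "High"]

def make_driver(proxy=ZAP_PROXY):
    """Step 2: a Chrome WebDriver whose traffic passes through ZAP."""
    from selenium import webdriver  # lazy import; requires selenium installed
    opts = webdriver.ChromeOptions()
    opts.add_argument(f"--proxy-server=http://{proxy}")
    # Chrome skips the proxy for loopback hosts unless told otherwise,
    # so an AUT served from localhost would never reach ZAP without this.
    opts.add_argument("--proxy-bypass-list=<-loopback>")
    opts.accept_insecure_certs = True  # ZAP re-signs TLS; test environments only
    return webdriver.Chrome(options=opts)

def fetch_alerts(base_url, api_key, proxy=ZAP_PROXY):
    """Step 3: read the alerts ZAP recorded for base_url via its JSON API."""
    query = urllib.parse.urlencode({"baseurl": base_url})
    req = urllib.request.Request(
        f"http://{proxy}/JSON/core/view/alerts/?{query}",
        headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["alerts"]

def gate(alerts, fail_at="Medium"):
    """Count alerts per risk level and list those at or above fail_at."""
    threshold = RISK_ORDER.index(fail_at)
    counts = Counter(a["risk"] for a in alerts)
    blocking = sorted(
        {(a["risk"], a["alert"], a["url"]) for a in alerts
         if a["risk"] in RISK_ORDER and RISK_ORDER.index(a["risk"]) >= threshold},
        key=lambda t: (-RISK_ORDER.index(t[0]), t[1], t[2]))
    return dict(counts), blocking

# Constructed sample of what fetch_alerts() returns (not real scan output).
SAMPLE_ALERTS = [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://app.test/search?q=x", "param": "q"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low",
     "url": "http://app.test/", "param": ""},
    {"alert": "Absence of Anti-CSRF Tokens", "risk": "Medium",
     "url": "http://app.test/login", "param": ""},
]

if __name__ == "__main__":
    counts, blocking = gate(SAMPLE_ALERTS)
    print(counts, *blocking, sep="\n")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the CI job
```

In a real run, the regression suite drives the browser returned by `make_driver()`, and `gate(fetch_alerts(...))` replaces the sample data once the suite has finished.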
