Many people misunderstand the purpose of Cucumber. Because it seems to yield clearer, plain-language test scripts, testers want to use Cucumber as a general-purpose testing tool, including for API tests. But its true purpose is as a BDD framework. You may be thinking, what’s the harm? Here’s why it makes a difference—and why you should choose another tool for API testing.
In my latest Ignite Talk, I (quickly) discuss some lightweight text editors. There are appearances from Visual Studio Code, of course Vim, and some others. Given this is an Ignite Talk, I don’t get to cover any one editor in depth. An Ignite Talk consists of 20 slides auto-advancing every 15 seconds. This was given […]
Sequence Diagrams Often it is helpful to visualize a solution before implementing it. Diagrams in general help simplify a complicated system to make it easier to understand at a high level. One specific way you might accomplish this is with a sequence diagram. A sequence diagram shows how pieces of a system interact and in […]
OWASP Zed Attack Proxy (ZAP) is one of my favorite tools for scanning and performing vulnerability tests on a web application. It has a simple GUI to get started, with a large capability for customization to tailor scans as needed. Recently, I was faced with a problem to login and then scan the authenticated segments of […]
In the previous blog, I detailed a great starting point for mobile application testing— the AppUse framework—and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs. Remember, please only use the tools and […]
Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]
As a direct followup to my previous post, I thought the discussion of passing parameters in a build flow might be useful. Let’s start with our previous example. I’ve created a build flow that deploys an application and runs Front-End, Back-End and Integration Tests against that application in parallel. In addition, we’ve added several features […]
Kali Linux (http://www.kali.org) is a collection of free penetration testing and security auditing tools, all packaged into a single Linux distribution.
As part of my ongoing collection of reviews and thoughts on today’s Security Testing Tools, I’m taking a look at the Zed Attack Proxy (ZAP) by OWASP. While, my last review of WebSecurify, looked at a very simplistic tool for Web Application Security Testing, this review will bring us a slightly more complex tool. So where […]
One of the biggest trends in issues in web application testing today is Security Testing. Most people know their web application is important for their business; no one wants a big security breach. With hackers becoming more and more sophisticated, and vulnerabilities becoming easier and easier to exploit the odds are not in your favor. […]
