File:OWASP London 14-Jan-2009 Penetration Testing with Selenium-Yiannis Pavlosoglou v2.pdf
Penetration Testing with Selenium:
Selenium is a web application testing framework often used for unit testing and functional testing during the later parts of web application development. This presentation examines how this tool, in particular the Selenium IDE, can be used to create security unit tests. By emulating a systematic logon, logoff or browse to a particular location, web application penetration tests can be performed using Selenium. Furthermore, fuzzing payloads can be scripted as inputs for security tests. As a result, tests that require holding state or valid authentication credentials in order to exercise a particular input for, say, Cross Site Scripting (XSS) or SQL Injection can be performed in much less time. This presentation will take the audience through the process of setting up, scripting and running Selenium against a vulnerable web application. Its aim is to relay one successful approach that has been used in the field to discover vulnerabilities through stateful fuzzing.
File history
| | Date/Time | Dimensions | User | Comment |
|---|---|---|---|---|
| current | 13:59, 15 January 2010 | (1.26 MB) | Yiannis | Penetration Testing with Selenium: Selenium is a web application testing framework often used for unit testing and functional testing during the later parts of web application development. This presentation examines how this tool, in particular the Selen |