Viewing posts tagged automation

Thanks for visiting!  Opinions are my own, and don't reflect the opinions of my present or past employers.

Viewing posts tagged automation

Introducing Minion

Minion is a platform developed by the Security Automation team at Mozilla to enable integration and adoption of automated security testing that has been under development for the past year.

The platform allows any team to set up the basic requirements to perform automated scanning and testing of websites and services by providing sensible defaults for plugins that enable scanning of many types of web applications and services.

With the 0.3 release of Minion there are several milestones that have been achieved that have allowed us to start using Minion internally across our development community, quality assurance, and security ...

So you want to learn about ZAP?

On December 15th I will be giving a 2.5 hour training session at BSidesSeattle on how to use OWASP ZAP.

This is a training session, not a talk!  I strongly recommend that you bring a computer that you can use to run ZAP as you will get much more out of it by trying things.  The format for the session will be a series of 15 minute talks about something or other, followed by 15 minutes of testing and QA, which will speed up or slow down based on how many questions people ask.

There will also be a ...

Automating Test Cases

This post is cross-posted from the Mozilla Web Application Security blog.

Earlier this year I wrote about some of the challenges of scaling security efforts in an organization, and I mentioned that we are working to adopt better tooling to assist us in this. We have been working towards improving security in the development lifecycle by making security tests a part of the quality assurance process. In order to accomplish this we worked with the QA team at Mozilla to create a simple tool called Garmr to integrate automated security test cases as part of our continuous integration (CI) processes ...