TEST Phase
Last updated
Testing ensures that the application works as expected and has no bugs or vulnerabilities.
DAST is a web application security test that finds security issues in the running application. DAST tools are also known as web application vulnerability scanners, and they can detect common vulnerabilities such as SQL injection, cross-site scripting, security misconfigurations, and other common issues detailed in . We can use , , , and which find vulnerabilities in the running web application. Here is a provided by OWASP. We can easily integrate these tools with our CI/CD pipeline.
Smoke tests are small but check critical components and functionality of the application. When implemented, they run on every application build to verify that critical functionality passes before integration and end-to-end testing, which can be time-consuming, take place. Smoke tests help create fast feedback loops that are vital to the software development life cycle.
For example, in a smoke test, we can run the curl command on the API to get the HTTP response code and latency.
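A smoke check of this kind, as an added example that is not part of the original page. The `SMOKE_URL` variable, the function names, the expected status and the latency limit are assumptions for illustration.

```shell
#!/bin/sh
# Added example: curl-based smoke test on HTTP status code and latency.
# SMOKE_URL, the default thresholds and the function names are assumptions.

# Decide pass/fail from a status code and a latency in seconds.
# Usage: smoke_verdict <http_code> <time_total> <expected_code> <max_seconds>
smoke_verdict() {
    code=$1; latency=$2; want=$3; max=$4
    # curl reports 000 when no HTTP response was received (DNS, TLS, timeout)
    if [ "$code" = "000" ]; then
        echo "FAIL no-response"; return 1
    fi
    if [ "$code" != "$want" ]; then
        echo "FAIL status=$code expected=$want"; return 1
    fi
    # POSIX sh cannot compare decimals, so awk does the comparison
    if awk -v t="$latency" -v m="$max" 'BEGIN { exit !(t > m) }'; then
        echo "FAIL latency=${latency}s limit=${max}s"; return 1
    fi
    echo "PASS status=$code latency=${latency}s"
}

# Probe one endpoint and judge the result.
# Usage: smoke_check <url> [expected_code] [max_seconds]
smoke_check() {
    url=$1; want=${2:-200}; max=${3:-1.0}
    # -s: quiet, -o /dev/null: drop the body, --max-time: bound the wait,
    # -w: print only the status code and the total transfer time
    out=$(curl -s -o /dev/null --max-time 10 \
        -w '%{http_code} %{time_total}' "$url") || true
    # Split "code seconds" into positional parameters
    # shellcheck disable=SC2086
    set -- $out
    smoke_verdict "${1:-000}" "${2:-0}" "$want" "$max"
}

# Run only when a target is configured, so a failed check fails the build step
if [ -n "${SMOKE_URL:-}" ]; then
    smoke_check "$SMOKE_URL" || exit 1
fi
```

In a pipeline step, set `SMOKE_URL` to the endpoint of the freshly deployed build; a non-zero exit stops the job before the slower test stages start.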
Today’s applications might expose hundreds of highly valuable endpoints that are very appealing to hackers. Ensuring your APIs are secure before, during, and after production is crucial. Hence we need to test our APIs.
API testing reports what type of authentication is required, whether sensitive data is encrypted over HTTP, and whether SQL injection allows the login phase to be bypassed.
We can use , , , and tools for API testing. Below is a small example using JMeter, where test.jmx contains the API test cases.