- Allow QA teams or developers to execute unit tests to demonstrate that a web application vulnerability remains fixed 1 day, 1 week, 1 month, or even 1 year from the date it was remediated (for example, as security unit tests run as part of a continuous integration process).
- Provide a mechanism for security teams to demonstrate a vulnerability instance to web application stakeholders, one that the stakeholders can run themselves, as many times as needed, with little or no knowledge of security testing techniques.
To install everything on Windows, here's what I did:
1. Install Ruby (1.9.x) (http://rubyinstaller.org/downloads/)
2. Install Watir (http://watir.com/installation/#win)
   Open an administrator command prompt and run:
       gem update --system
       gem install watir
       gem install watir-webdriver
3. Install RSpec and escape_utils
       gem install rspec
       gem install escape_utils
4. Install Capybara
       gem install capybara
To run the test cases, use the following commands:
    rspec -f d "OWASP Broken WebApps RSpec.rb"
    rspec -f d "OWASP Broken WebApps Capybara.rb"
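The core check behind a "does this vulnerability remain fixed" test, shown as an added example that is not taken from the two test files above: it submits a marked probe value and passes only if the value comes back HTML-encoded. The two lambdas are constructed stand-ins for the application, all method names are hypothetical, and it uses `ERB::Util.html_escape` from the standard library instead of escape_utils so it runs without any gems.

```ruby
require 'erb'

# Constructed stand-ins for the application under test (not the OWASP
# Broken Web Apps code): each takes a search parameter and returns HTML.
VULNERABLE_SEARCH = ->(q) { "<html><body><p>Results for #{q}</p></body></html>" }
FIXED_SEARCH      = ->(q) { "<html><body><p>Results for #{ERB::Util.html_escape(q)}</p></body></html>" }

# Probe carrying a unique marker so a hit cannot be confused with page markup.
def xss_probe(marker)
  %(<script>alert("#{marker}")</script>)
end

# Classify how the probe came back in the response body.
#   :reflected_raw     -> probe present verbatim (the vulnerability is present)
#   :reflected_encoded -> probe present only in HTML-encoded form (fixed)
#   :not_reflected     -> probe absent (the test is not exercising the sink)
def reflection_status(body, marker)
  probe = xss_probe(marker)
  return :reflected_raw if body.include?(probe)
  return :reflected_encoded if body.include?(ERB::Util.html_escape(probe))
  :not_reflected
end

# The regression check itself. `fetch` is any callable that submits the
# value and returns the resulting HTML; with a browser driver it would
# fill in the form and return the page source.
def xss_regression_passed?(fetch, marker: 'xss-regress-7f3a')
  reflection_status(fetch.call(xss_probe(marker)), marker) == :reflected_encoded
end

if __FILE__ == $PROGRAM_NAME
  { 'vulnerable build' => VULNERABLE_SEARCH, 'fixed build' => FIXED_SEARCH }.each do |name, app|
    puts format('%-16s %s', name, xss_regression_passed?(app) ? 'PASS' : 'FAIL')
  end
end
```

Treating `:not_reflected` as a failure keeps the test from passing silently when a page change means the probe never reaches the output at all.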
- Using Watir & Ruby for Web Application Vulnerability Unit Testing
- OWASP Broken WebApps Capybara.rb
- OWASP Broken WebApps RSpec.rb