How to create an OWASP test
How to OWASP test
In this how-to guide you will learn how to create, deploy, and run an OWASP test for a Platform service (web app, user interface, etc.) for your team.
Prerequisites
Before adding tests for your service, you will need to ensure that:
Overview
By completing this guide, you will have completed these actions:
- Learned how to add an OWASP test for your service.
- Learned how to run an OWASP test locally.
- Learned how to customize your pipeline to run OWASP tests in different environments.
Guide
Note
Every pipeline run includes steps to run various tests pre-deployment and post-deployment. These tests may include unit, integration, acceptance, performance, accessibility, etc., as long as they are defined for the service.
The pipeline checks for the existence of the file .docker-compose.zap.yaml to determine whether OWASP (ZAP) tests have been defined.
How to add an OWASP test for your service?
The OWASP test config should be added to the zap folder in the GitHub repository of the service. Refer to the ffc-demo-web example. This folder should contain the zap.conf file, which is required to execute the tests.
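The following is an added example of what a .docker-compose.zap.yaml next to the zap folder can look like; it is not the ffc-demo-web project's own file. It assumes a service named app that listens on port 3000 inside the compose network, and that zap/zap.conf sits beside this compose file. It runs the ZAP baseline (passive) scan against the running service and exits non-zero when a rule configured as FAIL in zap.conf is triggered, which is what lets a pipeline step fail the build.

```yaml
# Added example of .docker-compose.zap.yaml (not the ffc-demo-web project's own file).
# Assumptions: the service under test is the "app" service on port 3000, and
# ./zap/zap.conf exists next to this file.
version: '3.7'
services:
  app:
    # constructed: the web app under test, built from the service repository
    build: .
    environment:
      NODE_ENV: development

  zap:
    image: owasp/zap2docker-stable
    depends_on:
      - app
    volumes:
      # /zap/wrk is the working directory zap-baseline.py reads its config from
      # and writes its report to; mounting ./zap there exposes zap.conf
      - ./zap:/zap/wrk:rw
    # zap-baseline.py spiders and passively scans the target.
    # -t  target URL reachable on the compose network
    # -c  per-rule config (WARN / FAIL / IGNORE) read from /zap/wrk/zap.conf
    # -r  HTML report written to /zap/wrk/zap-report.html
    # The container exits 0 only when no FAIL rule is triggered.
    command: zap-baseline.py -t http://app:3000 -c zap.conf -r zap-report.html
```

zap.conf is a tab-separated file with one ZAP passive-scan rule per line in the form `<rule id>	<WARN|FAIL|IGNORE>	(<rule name>)`; for example, `10021	FAIL	(X-Content-Type-Options Header Missing)` makes a missing X-Content-Type-Options header fail the scan, while marking a rule IGNORE suppresses it. Rules left at WARN are reported but do not fail the run, so the set of FAIL rules is what determines the security gate the pipeline enforces.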
Requirements for local development
- Docker Desktop 2.2.0.3 (42716) or higher
How to run an OWASP test locally?
Execute the above commands in bash or PowerShell.
How to customize your pipeline to run OWASP tests?
You can customize the environments in which the OWASP test runs (within the pipeline it is referred to as the integration test).
If not defined, the pipeline runs with the following default settings.
Please refer to the ffc-demo-web pipeline:
How to disable the test?
If you want to disable the test for any reason, please refer to Disable Test.