Combine Selenium with OWASP's Xelenium project or the Zed Attack Proxy (ZAP) to get easy-to-use, integrated penetration testing for finding vulnerabilities in web applications: Selenium drives the browser through the application's real workflows (including logged-in ones), and ZAP, sitting as an intercepting proxy between the browser and the server, examines the traffic those workflows generate. Both Xelenium and ZAP are distributed through the Open Web Application Security Project (OWASP), a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
SonarQube’s OWASP results
Some of ZAP's functionality (this is ZAP's feature list, not OWASP's as a whole):
- Intercepting Proxy
- Traditional and AJAX spiders
- Automated scanner
- Passive scanner
- Dynamic SSL certificates
- Smartcard and Client Digital Certificates support
- Web sockets support
- Support for a wide range of scripting languages
- Plug-n-Hack support
- Authentication and session support
- Powerful REST based API
- Automatic updating option
- Integrated and growing marketplace of add-ons
Xelenium Project: Xelenium is an automated testing tool that can be used to identify security vulnerabilities present in a web application. Xelenium uses Selenium WebDriver as its engine and was developed in Java using Swing.
The Zed Attack Proxy (ZAP) is an easy-to-use, integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that let you find security vulnerabilities manually. Because ZAP works as a proxy, anything that drives a browser through it, Selenium included, feeds its passive scanner; the active scanner and the REST API can then be run over the URLs that browsing discovered.
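The Selenium-plus-ZAP combination described above, as an added example (not code from the ZAP or Xelenium projects): Chrome is started with ZAP as its proxy, Selenium drives it through a few pages so ZAP's passive scanner sees the real traffic, ZAP's active scanner is then started over the visited site through the REST API, and the resulting alerts are collapsed into a de-duplicated, risk-ordered summary. The listener address `127.0.0.1:8080`, the API key `changeme`, the target `http://localhost:3000`, the page list and the `SAMPLE_ALERTS` data are all assumptions or constructed inputs, not values from the page; the ZAP endpoints used (`core/view/alerts`, `ascan/action/scan`, `ascan/view/status`) are ZAP's documented REST API.

```python
"""Selenium through ZAP: browse via ZAP's intercepting proxy, then pull the
findings over ZAP's REST API. Added example, not ZAP's or Xelenium's own code.
Assumptions: ZAP listens on 127.0.0.1:8080 with API key ZAP_API_KEY, and the
application under test is at TARGET."""
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

ZAP_PROXY = "127.0.0.1:8080"          # assumed ZAP listener (proxy and API share it)
ZAP_API = "http://127.0.0.1:8080"
ZAP_API_KEY = "changeme"              # placeholder; take the real key from ZAP's API options
TARGET = "http://localhost:3000"      # assumed target application

RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def chrome_args_for_zap(proxy=ZAP_PROXY):
    """Chrome flags that route all traffic through ZAP and accept the TLS
    certificates ZAP generates dynamically for HTTPS sites."""
    return [f"--proxy-server=http://{proxy}", "--ignore-certificate-errors"]


def make_driver(proxy=ZAP_PROXY):
    """Selenium Chrome driver proxied through ZAP (needs selenium and chromedriver)."""
    from selenium import webdriver  # imported lazily so the pure helpers run without Selenium
    options = webdriver.ChromeOptions()
    for arg in chrome_args_for_zap(proxy):
        options.add_argument(arg)
    return webdriver.Chrome(options=options)


def zap_url(component, kind, name, **params):
    """Build a ZAP REST URL such as /JSON/core/view/alerts/?baseurl=...&apikey=..."""
    params["apikey"] = ZAP_API_KEY
    return f"{ZAP_API}/JSON/{component}/{kind}/{name}/?{urlencode(params)}"


def zap_get(component, kind, name, **params):
    with urlopen(zap_url(component, kind, name, **params), timeout=30) as resp:
        return json.loads(resp.read())


def summarize_alerts(alerts_json, min_risk="Medium"):
    """Collapse ZAP's alert list into (risk, name, url, param) tuples at or above
    min_risk, highest risk first, reporting each finding once per URL and parameter."""
    floor = RISK_ORDER[min_risk]
    seen, rows = set(), []
    for a in alerts_json.get("alerts", []):
        if RISK_ORDER.get(a.get("risk"), 0) < floor:
            continue
        key = (a["risk"], a["name"], a["url"], a.get("param", ""))
        if key not in seen:
            seen.add(key)
            rows.append(key)
    rows.sort(key=lambda r: -RISK_ORDER[r[0]])   # stable, so discovery order survives within a risk level
    return rows


def browse_and_scan(pages):
    """Drive the pages with Selenium (passive scan happens as a side effect of the
    proxied traffic), then run ZAP's active scanner over the site and summarize."""
    driver = make_driver()
    try:
        for path in pages:
            driver.get(TARGET + path)   # each request passes through ZAP's proxy
            time.sleep(1)               # give the passive scanner a moment per page
    finally:
        driver.quit()
    scan_id = zap_get("ascan", "action", "scan", url=TARGET, recurse="true")["scan"]
    while int(zap_get("ascan", "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(5)
    return summarize_alerts(zap_get("core", "view", "alerts", baseurl=TARGET))


# Constructed sample in the shape of ZAP's /core/view/alerts/ response, so the
# summary step can be exercised offline. Not real scan output.
SAMPLE_ALERTS = {"alerts": [
    {"risk": "Low", "name": "X-Content-Type-Options Header Missing",
     "url": "http://localhost:3000/", "param": "X-Content-Type-Options"},
    {"risk": "High", "name": "SQL Injection",
     "url": "http://localhost:3000/login", "param": "username"},
    {"risk": "High", "name": "SQL Injection",
     "url": "http://localhost:3000/login", "param": "username"},  # duplicate, reported once
    {"risk": "Medium", "name": "Content Security Policy (CSP) Header Not Set",
     "url": "http://localhost:3000/", "param": ""},
]}

if __name__ == "__main__":
    for risk, name, url, param in browse_and_scan(["/", "/login"]):
        print(f"[{risk}] {name} at {url} (param: {param or '-'})")
```

Two practical points: ZAP rejects API calls without the configured key (or an `X-ZAP-API-Key` header), so set `ZAP_API_KEY` before running, and only point the active scanner at applications you are authorized to test, since it sends attack payloads rather than just observing.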