
Details:

I have already read several articles on security-specific regression testing, and they could not be more different. Some advocate a strict mixture of CI pipelines and manual pentest procedures; others swear by manual test procedures with no automated CI test procedures at all.

I myself would prefer a clear mixture of several procedures for security regression testing. Here, for example, a combination of OWASP ZAP + Docker and Jenkins as a pipeline integration.

The questions:

  • What are your experiences regarding security regression?
  • How do you handle the corresponding workflow in an Agile setting and in the Definition of Ready and Definition of Done?
  • Do you do more manual security regression, or do you swear by corresponding CI tooling and automation?

Thank you for your interest!
Mornon

1 Answer


We actually have a Google Summer of Code project for retesting vulnerabilities found by ZAP scans.

The blog https://pranavsaxena17.github.io/GSoC-with-ZAP/ is a bit light but hopefully the student will update it soon. In any case the project is progressing well.

Simon Bennetts
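The question asks how ZAP + Docker + Jenkins can serve as a security regression test, and the answer points at automated retesting of findings from earlier ZAP scans. The gate that ties the two together is a diff of two ZAP reports: what is new since the accepted baseline (fail the build), what is still there (known, tracked), and what has disappeared (the retest result). The script below is an added example written for this page; it is not code from the question, the answer, or the ZAP project. It assumes the nested shape of ZAP's JSON report (site, then alerts, then instances with uri, method and param), and the two reports, their URLs and their plugin ids are constructed sample data rather than real scan output.

```python
"""Regression diff of two OWASP ZAP JSON reports (added example).

Assumes ZAP's JSON report shape: {"site": [{"alerts": [{"pluginid", "alert",
"riskcode", "instances": [{"uri", "method", "param"}]}]}]}.  Both reports
below are constructed samples, not captured scan output.
"""
import json

# Constructed sample: the accepted baseline report committed from an earlier run.
BASELINE_REPORT = json.dumps({
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1",
             "instances": [{"uri": "http://app.example.test/", "method": "GET"}]},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2",
             "instances": [{"uri": "http://app.example.test/login", "method": "GET"}]},
        ],
    }],
})

# Constructed sample: the report from the current pipeline run.  The CSP finding
# is gone (fixed), the header finding is unchanged, and a new high-risk finding
# has appeared.
CURRENT_REPORT = json.dumps({
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1",
             "instances": [{"uri": "http://app.example.test/", "method": "GET"}]},
            {"pluginid": "40018", "alert": "SQL Injection",
             "riskcode": "3",
             "instances": [{"uri": "http://app.example.test/search", "method": "GET",
                            "param": "q"}]},
        ],
    }],
})


def findings(report_json):
    """Flatten a ZAP JSON report into {(pluginid, method, uri, param): info}.

    Keying on the individual instance rather than the alert title keeps the
    diff stable when ZAP reorders alerts, and lets one plugin fire on two
    URLs without the two findings being merged.
    """
    report = json.loads(report_json)
    out = {}
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            for inst in alert.get("instances", []):
                key = (alert["pluginid"], inst.get("method", ""),
                       inst.get("uri", ""), inst.get("param", ""))
                out[key] = {"alert": alert["alert"], "risk": int(alert["riskcode"])}
    return out


def regression_diff(baseline_json, current_json):
    """Split the current findings into new / fixed / unchanged against the baseline."""
    base = findings(baseline_json)
    cur = findings(current_json)
    return {
        "new": {k: v for k, v in cur.items() if k not in base},
        "fixed": {k: v for k, v in base.items() if k not in cur},
        "unchanged": {k: v for k, v in cur.items() if k in base},
    }


def should_fail(diff, min_risk=2):
    """Gate: fail only on *new* findings at or above min_risk (ZAP riskcode: 0 info .. 3 high).

    Known findings in the baseline are tracked elsewhere and must not block
    every build, otherwise the team switches the stage off.
    """
    return any(v["risk"] >= min_risk for v in diff["new"].values())


if __name__ == "__main__":
    d = regression_diff(BASELINE_REPORT, CURRENT_REPORT)
    for bucket in ("new", "fixed", "unchanged"):
        for (pid, method, uri, param), v in sorted(d[bucket].items()):
            print(f"{bucket:9} risk={v['risk']} plugin={pid} {method} {uri} "
                  f"param={param or '-'} : {v['alert']}")
    raise SystemExit(1 if should_fail(d) else 0)
```

In a Jenkins stage this sits behind the scan itself: run ZAP's baseline scan from the Docker image against the deployed test environment with a JSON report written out (zap-baseline.py accepts a -J option for that; treat the exact image tag and flags as something to check against your ZAP version), commit the reviewed report as the baseline, and let the script's exit status decide whether the stage passes. The "fixed" bucket is the retest result the answer's project aims to produce automatically; the "unchanged" bucket is what a Definition of Done can reference as known, accepted debt.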