Selenium & InsightAppSec

Enhance App Security Through QA Automation

Application development teams are moving faster than ever. This acceleration is aided by modern web frameworks, CI/CD (Continuous Integration/Continuous Delivery) platforms, and automated testing that enable teams to build, test, and iterate in a fraction of the time it took before these technologies existed. One of these tools widely adopted by agile software development teams is Selenium. Selenium automates unit tests of specific web application functionalities in a browser; this saves development teams from the repetitive, manual testing that has historically been required to ensure new code doesn’t break new features.

But the benefits of test automation don’t have to be exclusive to developers: By integrating Rapid7 InsightAppSec or AppSpider, our dynamic application security testing (DAST) solutions, with Selenium, you can leverage the automated functional unit tests created by QA teams to maximize security test coverage of an application. This expedites the identification and remediation of security bugs, and reduces the likelihood of missed vulnerabilities.

How It Works

InsightAppSec* integrates with Selenium to automate authentication into and crawling of applications with a login screen. First, upload a Selenium script (.side or .html) of the login sequence into your InsightAppSec scan configuration. When InsightAppSec encounters a login page, it will execute the Selenium script in an embedded Selenium engine to automate authentication, thus allowing the DAST scan to proceed in areas of the application guarded by the login screen.

Figure 1: InsightAppSec executes a Selenium script to facilitate an authenticated scan of the target web application. The embedded Selenium engine enables InsightAppSec to use the same script used in functional unit tests.

*Any mentions of Rapid7 InsightAppSec as they pertain to its integration with Selenium also apply to Rapid7 AppSpider.