2. $ whoami
- Elmir Iskanderov linkedin.com/in/iskanderov;
- 4 years in cybersecurity;
- Application Security Engineer at Cossack Labs;
- Specialized in web, API, infrastructure and cloud penetration testing;
- Automation enjoyer.
Cossack Labs - UK/Ukraine data security solutions company.
Practical data security and software security in industries where security is a hard requirement.
3. Agenda
1. The Problems We Faced
2. Security Autotest
3. Use Cases
4. Creating Autotests in a Few Clicks
5. Important to Remember
6. Q&A
4. The Problems We Faced
- A lot of reported vulnerabilities that we have to validate as fixed;
- Detecting duplicates of previously found vulnerabilities;
- Spending too much time on validation.
6. Security Autotests
- Saving time;
- Automated validation of vulnerabilities;
- Integration into the CI/CD pipeline;
- Tracking previous vulnerabilities;
- Creation in a few clicks.
21. Pay attention to
- Do not trust automated verifications for high/critical vulnerabilities;
- Do not spend too much time on creating tests (unless there is a reason to automate everything);
- Use templates for the most common issues;
- Create a flow for logging in and retrieving session cookies/tokens;
- Software keeps evolving, so some automated tests become outdated.
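A sketch of what such an autotest can look like, combining the reusable login flow and a template for one common finding type. This is an added example, not code from the talk: the `/login` and `/api/report` endpoints, the token value and the stub application are all constructed so the check runs offline.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-session-token"  # constructed sample value

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the application under test (already fixed)."""
    def log_message(self, *args): pass  # keep test output quiet
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # hypothetical /login endpoint
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._send(200, {"token": TOKEN})
    def do_GET(self):  # hypothetical /api/report endpoint, must require a session
        ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        self._send(200 if ok else 401, {"ok": ok})

def request(url, token=None, data=None):
    req = urllib.request.Request(url, data=data)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=5) as r:
            return r.status, json.loads(r.read())
    except urllib.error.HTTPError as e:
        return e.code, {}

def login(base):
    """Reusable login flow: returns the session token for later checks."""
    _, body = request(base + "/login", data=b'{"user":"qa","password":"constructed"}')
    return body["token"]

def check_auth_required(base, path):
    """Template: the finding 'endpoint reachable without a session' stays fixed."""
    anon, _ = request(base + path)
    authed, _ = request(base + path, token=login(base))  # guards against an outdated test
    return {"finding": f"missing auth on {path}", "fixed": anon in (401, 403) and authed == 200}

def run_demo():
    srv = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check_auth_required(f"http://127.0.0.1:{srv.server_port}", "/api/report")
    finally:
        srv.shutdown()
        srv.server_close()
```

The authenticated request is what keeps the check honest: if the endpoint is renamed or removed, the test reports `fixed: False` instead of silently passing on a 404, which flags it for review as outdated.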