Wednesday 23 November 2011

Help on running Cucumber via security tools and .NET

Hi, I need to integrate Cucumber into O2, so I was wondering if I could get some help.

Here is my first set of challenges:
  • I need a couple Cucumber scripts (running on top of Ruby) that do some kind of web actions (ideally on a vuln app like webgoat,, hacmebank, etc...) so that we can test the following scenarios:
    • Trigger this tests directly from O2 (including seeing its results). This could be as simple as triggering Cucumber from the command line
    • Run those same tests via a security proxy/tool/scanner so that we can 'teach it' how to app works. This should work for any tool that can act like a proxy, but to start, I would like to run it on
      • OWASP ZAP
      • NetSparker
      • AppScan Standard
      • Burp
  • Use IronPython to run cucumber tests/features directly in .NET/O2 so that I can create a solid two way communication and instrumentation between those scripts and O2 (i.e. O2 to consume them directly, and the scripts being able to access O2 APIs)