Here is my first set of challenges:
- I need a couple of Cucumber scripts (running on top of Ruby) that do some kind of web actions (ideally on a vuln app like webgoat, http://google-gruyere.appspot.com, hacmebank, etc.) so that we can test the following scenarios:
  - Trigger these tests directly from O2 (including seeing their results). This could be as simple as triggering Cucumber from the command line
  - Run those same tests via a security proxy/tool/scanner so that we can 'teach it' how the app works. This should work for any tool that can act like a proxy, but to start, I would like to run it on:
    - OWASP ZAP
    - NetSparker
    - AppScan Standard
    - Burp
- Use IronPython to run Cucumber tests/features directly in .NET/O2 so that I can create a solid two-way communication and instrumentation between those scripts and O2 (i.e. O2 to consume them directly, and the scripts being able to access O2 APIs)
Thanks
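
One way to let the same Cucumber steps run either directly or through any intercepting proxy, as an added example that is not part of the original post or of O2. The environment variables `SCAN_PROXY` and `SCAN_PROXY_CA`, the helper `proxied_http` and the step wording are all hypothetical names chosen for this sketch.

```ruby
require 'net/http'
require 'uri'
require 'openssl'

# Hypothetical env vars (not from the post): SCAN_PROXY is the proxy URL,
# SCAN_PROXY_CA is the PEM file of the proxy's exported root CA certificate.
def proxied_http(target_url, proxy_url = ENV['SCAN_PROXY'], proxy_ca = ENV['SCAN_PROXY_CA'])
  target = URI.parse(target_url)
  if proxy_url && !proxy_url.empty?
    proxy = URI.parse(proxy_url)
    unless proxy.is_a?(URI::HTTP) && proxy.host
      raise ArgumentError, "proxy must look like http://host:port, got #{proxy_url.inspect}"
    end
    http = Net::HTTP.new(target.host, target.port, proxy.host, proxy.port)
  else
    # Explicit nil proxy address: go direct and ignore any http_proxy variable.
    http = Net::HTTP.new(target.host, target.port, nil)
  end
  if target.scheme == 'https'
    http.use_ssl = true
    # Keep certificate checks on; trust the intercepting proxy's CA instead.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = proxy_ca if http.proxy? && proxy_ca
  end
  http
end

# Step definitions (wording is constructed for this example). They register
# only when the file is loaded by Cucumber, which provides When/Then.
if respond_to?(:When, true)
  When(/^I request "([^"]+)"$/) do |url|
    @response = proxied_http(url).request_get(URI.parse(url).request_uri)
  end

  Then(/^the response status is (\d+)$/) do |code|
    raise "expected #{code}, got #{@response.code}" unless @response.code == code
  end
end
```

Placed in a Cucumber support file, the steps run directly when `SCAN_PROXY` is unset and through the proxy when it is set to the tool's listener address, for example `SCAN_PROXY=http://127.0.0.1:8080 cucumber` (the address is an assumption; use whatever your proxy listens on).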