Tuesday 8 May 2012

Using BDD-Security in TeamMentor

Following my discovery of BDD-Securty (see Using BDD-Security to test WebServices Authorization Rules? ) I was able to contract (via SI) some of Stephen's time to work on integrating his BDD-Security project with TeamMentor.

The brief (as you can see on Stephen's blog Brief: Testing TeamMentor with BDD Security) is to

... create a set of BDD-Security tests to test the Web Services behind TeamMentor.

The deliverables for the project will be:

  1. An executable set of BDD-Security stories for a sample of 20 of TeamMentor’s web services
  2. Integration of BDD-Security with the Jenkins CI server. The CI server should monitor github, and everytime a commit is made to TeamMentor- the security tests should be run and a report generated.
  3. BDD-Security will run automated access control tests on the supported web services
  4. BDD-Security will run automated security scanning using Burp on the supported web services.
  5. A series of Blog posts describing the steps in the process.
This is a great step in creating a much more solid CI environment for TeamMentor

If you want to look/follow the code, the GitHub Repository is at:  https://github.com/stephendv/bdd-teammentor

This job is going to be managed via Elance, and you can see the proposal here: https://www.elance.com/j/testing-teammentor-bdd-security/30393016/