Java Security Testing

Question

Java Security Testing

Is there such a thing as automatic security testing in Java? If so, how is this implemented? Are these just JUnit tests written to try to exploit known server vulnerabilities, or their security-oriented testing framework?

As a segue, I am also interested in this OWASP security testing platform, but I cannot determine if they use the "framework" in the classical sense (which means a set of guidelines and procedures that should be followed) or in (where they actually provide automated security testing components )

Thank you who can shed light on this for me!

+5

java security unit-testing owasp

IAmYourFaja 21 sept '11 at 15:03

source share

5 answers

Fuzz test never hurts: http://www.ibm.com/developerworks/java/library/j-fuzztest/index.html

Fuzz validation helps ensure that your application is protected from any user input.

Testing Fuzz is a bit inconvenient for JUnit tests, because they are "random." You might want to loop through and run several fuzz tests on each input leaflet in the test case.

+3

Josh pordon 21 . '11 15:56

, Sonar FindBugs (FindBugs SQL ..).

+1

Jens Borgland 29 . '12 14:23

, VeraCode, . , . .

+1

Glen 16 . '13 21:59

, , .

My suggestion for web applications is to use existing Unit and Integration tests (like Selenium) and then proxy them using a security tool like OWASP ZAP (Zed Attack Proxy). See http://code.google.com/p/zaproxy/wiki/SecRegTests for more details .

Simon (ZAP Project Manager)

+1

Simon bennetts Feb 19 '13 at 8:24

source share

Ivan Sopov · Accepted Answer · 2011-09-21T15:08:57+0000

I don’t know what exactly you are looking for, but there is a blog post by Stephen Colebourne (author of joda-time and the future new standard java8 API) about checking security permissions with junit: Stephen Colebourne's blog: checking security permissions

Java Security Testing

More articles: