BDD-Security is now easier to configure and launch from a Docker container.
Because BDD-Security stores most of its configuration inside a config file (config.xml), it was cumbersome to change the parameters when launching the Docker container.
To solve this we have now made it easier by allowing all of the config.xml attributes to be set via the command line, instead of in the file. This means you can create a docker container with the most commonly used settings configured in the config.xml file, and then change parameters for the test launch via the commandline.
Everything is explained in Github under: “Using config.xml and the command line”.
For those that don’t know, BDD-Security is an open source security testing framework that uses natural language Gherkin syntax to describe security requirements as features. Those same requirements are also executable as standard unit/integration tests which means they can run as part of the build/test/deploy process.
Features & benefits include:
- Free and Open Source automated testing framework for security
- Ready to run on a Continuous Integration Server , as part of the build/test/deploy process
- Upgrade DevOps to SecDevOps
- Generate reports, to be easily viewed and understood by business and security users
- Tests are run dynamically against a deployed application, no need to access your source code
BDD-Security is written in Java and based on Cucumber, Selenium 2 (WebDriver), OWASP ZAP and a number of other security tools. This means that any automated testing can be performed, while describing the actions in a easily understandable format.
Why not try it out today!