-
“The Performance Testing Handbook” is now live
I am happy to announce that my new book is now available online. It was a long journey, but I think it was worth it. You can buy the book from the following link: https://leanpub.com/theperformancetestinghandbook. Also, I will be happy to receive your feedback, thoughts about the book, and what can be enhanced in the…
-
[DAST] Dynamic Application Security Testing, Tools and examples
DAST stands for “Dynamic Application Security Testing”. It means analyzing a web application through the front-end to find vulnerabilities through simulated attacks. This type of approach evaluates the application from the “outside in” by attacking an application like a malicious user would. In this kind of testing you can try attacks like SQL injection…
-
GraphQL Performance Testing With Apache JMeter
GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables…
-
Mobile App Security Testing – Static Analysis Overview
Introduction: The mobile industry is booming like never before. This has created a number of types of mobile devices and mobile OSes. The mobile boom is not without its risks. Developers generally create applications from a “functionality first” perspective, but with security as a low priority. This is an unfortunate reality. In fact, using mobile devices…
-
OWASP ZAP – add-ons that will enrich your discovery
In this article I will refer to a number of add-ons that I think may help enrich the vulnerability discovery and also give a clear understanding of the system under test. First of all, what is OWASP ZAP? ZAP is a famous open source automated pen testing tool, created and maintained by the OWASP community.…
-
API Security Testing With Postman and OWASP Zap
Most of the content around API testing is about functional testing or, recently, about API automation testing, so what about security testing? We’re going to use Postman and consume our existing collections. The idea here is to send the Postman requests to OWASP ZAP to be able to start automated pen-testing. Why? Sometimes we…