In this chapter, we mainly discussed how to apply a BDD framework to security testing. The security testing process and results can be difficult to understand for a non-security team; the adoption of a BDD security framework can reduce the communication gap. For example, a security team may test for POODLE vulnerability; in business language, that would be the verification of the secure communication of TLS.

We introduced two automation frameworks, Robot Framework and Gauntlt. Robot Framework uses a keyword-driven approach to define the testing steps and Gauntlt uses a GWT approach to define the testing scripts. We demonstrated the testing of SQL injection by using sqlmap, and illustrated how Robot Framework can be used to execute sqlmap . In the Robot Framework script, we use Execute Command to execute sqlmap, and we define the expected results by using Should Not Contain.

We also illustrated how to integrate Robot Framework with ZAP. We mainly use the Robot Framework Requests library to send restful APIs to OWASP ZAP. In the Robot Framework script, we defined a custom variable, SpiderScan, to execute the spider scan restful API in OWASP ZAP.

After learning about Robot Framework integration with sqlmap and ZAP, we will begin a project to practice all previously mentioned techniques and tools in the coming chapters.