In this case study, we will discuss a software service delivery team. The team regularly releases web services and mobile applications. The security objective is to ensure that there are no major security vulnerability issues before each service or mobile application goes live. We will use the following vulnerable demo projects:

• For web services: OWASP NodeGoat and OWASP WebGoat
• For mobile services: Vulnerable APK by MobSF

The NodeGoat project comprises an online RetireEasy Employee Retirement Savings Management service. The website includes several major OWASP Top 10 vulnerabilities, and we will apply several automation testing tools and techniques to identify those security issues in the coming chapters. In this book, we focus on how to build an entire security automation testing framework, rather than just identifying security issues and exploring the details of each security issue.

For the OWASP NodeGoat web service, you may use the online version (http://nodegoat.herokuapp.com/) or install it from the NodeGoat source on GitHub.