This repository contains templates for commonly used security autotests.
Security autotests are automated tests that re-verify previously identified security issues and vulnerabilities. Once you have found a vulnerability and the developers have shipped a fix, an autotest confirms that the fix holds (and catches regressions) every time it runs. With the templates here you can turn a manual finding into such a test in just a few clicks.
For quick creation of security autotests, use Burp Suite together with the Copy As Python-Requests extension and these templates.
This repository includes examples such as:
- base template
- input validation
- security headers validation
- rate limits validation
- user enumeration
- etc.
You can learn more about security autotests here:
- https://www.cossacklabs.com/blog/security-autotests-for-measurable-and-stable-application-security-processes/ - our blog
- https://speakerdeck.com/iskand3rov/bulletproof-your-software-the-magic-of-security-autotests - the presentation
- Choose a vulnerability template.
- Copy and paste the code into an IDE (or clone the repository).
- Copy request(s) from Burp using the Copy As Python-Requests extension.
- Modify the template according to your needs. You can change the `MESSAGE` variable, the `verification()` function, and any other necessary code.
- Optionally, add a function that logs in to the tested application if subsequent requests require session tokens.
- Run the code against the application and ensure it works correctly: a reliable autotest fails while the vulnerability is present and passes once the fix is in place.
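A complete autotest built along these steps, as an added example in the style of the repository's templates rather than one of its own files. It validates security headers on a page: `MESSAGE` names the finding, `send_request()` holds the request in the shape that Copy As Python-Requests generates, the optional `login()` obtains a session cookie, and `verification()` decides pass or fail. The target URL, login endpoint, credentials and the header values treated as "strict enough" are assumptions.

```python
"""Security autotest: security headers validation.

Added example in the style of the repository's templates, not one of the
original files. TARGET_URL, LOGIN_URL and CREDENTIALS are hypothetical.
"""

# Reported when the check fails; edit it to name the finding being re-verified
MESSAGE = "Security headers are missing or misconfigured on the main page"

TARGET_URL = "https://app.example.test/"      # hypothetical target
LOGIN_URL = "https://app.example.test/login"  # hypothetical login endpoint
CREDENTIALS = {"username": "tester", "password": "tester-password"}  # hypothetical

ONE_YEAR = 31536000  # minimum acceptable HSTS max-age, in seconds


def _hsts_ok(value: str) -> bool:
    """True when the HSTS header carries a max-age of at least one year."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val.strip()) >= ONE_YEAR
    return False


# Header name -> predicate that accepts a sufficiently strict value
EXPECTED_HEADERS = {
    "Strict-Transport-Security": _hsts_ok,
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "Content-Security-Policy": lambda v: "default-src" in v.lower(),
}


def login(session):
    """Optional step: authenticate so later requests carry the session cookie."""
    response = session.post(LOGIN_URL, data=CREDENTIALS, timeout=10)
    # adjust to whatever the tested application returns on a successful login
    assert response.status_code in (200, 302), f"login failed: HTTP {response.status_code}"
    return session


def send_request(session):
    """The request under test, in the shape produced by Copy As Python-Requests."""
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Accept": "text/html,application/xhtml+xml",
    }
    return session.get(TARGET_URL, headers=headers, allow_redirects=False, timeout=10)


def verification(headers) -> list:
    """Return a list of findings; an empty list means the fix holds.

    Accepts a plain dict or requests' CaseInsensitiveDict; names are compared
    case-insensitively, as HTTP header names are.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    findings = []
    for name, accepts in EXPECTED_HEADERS.items():
        value = lowered.get(name.lower())
        if value is None:
            findings.append(f"missing {name}")
        elif not accepts(value):
            findings.append(f"weak {name}: {value!r}")
    return findings


def run():
    """Send the captured request and assert on the response, as the templates do."""
    import requests  # imported here so verification() stays testable offline

    session = login(requests.Session())
    response = send_request(session)
    findings = verification(response.headers)
    assert not findings, f"{MESSAGE}: {', '.join(findings)}"
    print("OK: all expected security headers are present and strict")


if __name__ == "__main__":
    run()
```

Keeping `verification()` free of network calls is deliberate: it lets you unit-test the pass/fail logic with constructed header sets before pointing the test at the real application, so a test that never fails (or never passes) is caught early. Drop `login()` from `run()` for unauthenticated endpoints.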