DAST Security Automation with a Markdown file

I love automation and DevSecOps. Automation is a true force multiplier for already constrained Application Security teams. In my DevSecOps trainings, one common problem that a lot of students bring to me is "How do I automate DAST?" Admittedly, DAST is hard. DAST products usually have limited API capabilities, and with today's APIs and SPAs (Single Page Apps), old-school DAST spidering is history. This is why I always advocate backing DAST with test automation such as Selenium.

However, we security folks may hit entry barriers when it comes to coding complex QA scripts. This is why low-maintenance test automation frameworks like Robot Framework and Gauge are becoming popular.

To make things easy for people to understand, I have created a recorded live-code session video of automating OWASP ZAP with its Python API and the Gauge Test Framework. Hopefully this is useful for some of you!
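As an added illustration (not code from the post or the video), here is the kind of build gate a Gauge step implementation would call: it drives a local ZAP daemon over its JSON API (spider, active scan, fetch alerts) and fails the run on alerts at or above a chosen risk. `ZAP_HOST`, `ZAP_API_KEY`, the target URL and `SAMPLE_ALERTS` are assumptions or constructed values; the `getgauge` `@step` wiring is left out so the module runs without Gauge installed.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP_HOST = "http://127.0.0.1:8080"   # assumption: ZAP daemon on the build agent
ZAP_API_KEY = "REPLACE_WITH_ZAP_API_KEY"  # placeholder, set via env/secret in CI
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def zap_call(component, kind, name, **params):
    """Call one ZAP JSON endpoint, e.g. /JSON/ascan/action/scan/."""
    params["apikey"] = ZAP_API_KEY
    url = f"{ZAP_HOST}/JSON/{component}/{kind}/{name}/?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def wait_for_scan(component, scan_id, poll=2):
    """Poll spider/ascan status until ZAP reports 100 percent complete."""
    while int(zap_call(component, "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(poll)


def failing_alerts(alerts, fail_on="High"):
    """Alerts at or above the threshold, de-duplicated on (alert name, url)."""
    threshold = RISK_ORDER[fail_on]
    seen, failing = set(), []
    for a in alerts:
        key = (a.get("alert"), a.get("url"))
        if RISK_ORDER.get(a.get("risk"), 0) >= threshold and key not in seen:
            seen.add(key)
            failing.append(a)
    return failing


def run_dast_gate(target, fail_on="High"):
    """Spider, actively scan, then return the alerts that should fail the build."""
    wait_for_scan("spider", zap_call("spider", "action", "scan", url=target)["scan"])
    wait_for_scan("ascan", zap_call("ascan", "action", "scan", url=target, recurse="true")["scan"])
    return failing_alerts(zap_call("core", "view", "alerts", baseurl=target)["alerts"], fail_on)


# Constructed sample shaped like core/view/alerts output; not real scan results.
SAMPLE_ALERTS = [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High", "url": "http://app.test/search?q=1"},
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High", "url": "http://app.test/search?q=1"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "url": "http://app.test/"},
    {"alert": "SQL Injection", "risk": "High", "url": "http://app.test/login"},
]

if __name__ == "__main__":
    for a in failing_alerts(SAMPLE_ALERTS):
        print(a["risk"], a["alert"], a["url"])
```

In a Gauge spec the step text is plain Markdown, and its implementation only needs to call `run_dast_gate(url)` and assert the returned list is empty.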