Qualys Blog

www.qualys.com
Jason Kent

How to Enhance Web Application Scanning with Selenium

Selenium IDE is an integrated development environment for Selenium scripts. It is an open-source tool implemented as a Firefox extension that allows you to record, edit, replay and debug tests. You can use it to record yourself performing an activity such as clicking a series of buttons or logging into a web site, and QualysGuard WASv2 will play the recording back at the appropriate time as part of a web application scan.

Where do you get Selenium IDE?

Go to http://seleniumhq.org and download the IDE that works with your platform.

How do I use Selenium IDE?

We suggest watching these two short videos on installing and using Selenium. After watching these, it will be easy to see how to best use Selenium IDE for authentication and for crawling complex environments.

Video: Selenium Introduction

Video: Integration of Selenium in QualysGuard WAS

When is it most appropriate to use Selenium IDE?

Authentication is the most common use of Selenium we see. Making machines operate correctly with applications that were designed for human interaction can be difficult. A human can usually tell at a glance where the username and password fields are in an application, along with the login or submit button; a scanner cannot always do so reliably. Often, however, you want to go deeper into the application, and you need to navigate past a form to get there.

I like to use the example of purchasing an airline ticket. The first thing you will need is the date of departure. This date cannot be in the past, and cannot be too far into the future. The other things you need to know are the origin and destination, and both must be places that have airports. All of this is pretty simple for a human to figure out, but not so easy for a machine. So recording the date of departure, the origin and destination cities, and the click that starts the search gives the scanner the interaction it needs and lets it reach much further into the web application.

Now that you can authenticate more simply to the web site, and navigate further into the application, you are truly making the scanner do what you need it to do.
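To make the two scenarios above concrete, here is what a recorded Selenium IDE test case looks like once it is saved in the IDE's HTML (Selenese) table format. This is an added example written for this post, not a script from Qualys or from the Selenium project; the base URL, the element ids (`username`, `password`, `login`, `depart`, `from`, `to`, `search`), the test account name and the page text being verified are all placeholders for whatever the recorder captures on your own application. The first rows perform the login, the remaining rows fill in the airline search form that a crawler could not get past on its own.

```html
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- Base URL the relative "open" targets are resolved against (placeholder) -->
  <link rel="selenium.base" href="https://app.example.test/" />
  <title>login-and-search</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">login-and-search</td></tr>
</thead>
<tbody>
<!-- Each row is one Selenese command: command | target (locator) | value -->
<tr><td>open</td><td>/login</td><td></td></tr>
<!-- Credentials are stored in clear text in this file: use a dedicated,
     low-privilege scanning account, never a real user's login -->
<tr><td>type</td><td>id=username</td><td>was-scanner-account</td></tr>
<tr><td>type</td><td>id=password</td><td>PLACEHOLDER_PASSWORD</td></tr>
<!-- clickAndWait blocks until the post-login page has loaded -->
<tr><td>clickAndWait</td><td>id=login</td><td></td></tr>
<!-- Assertion that the login actually succeeded; replaying the script
     in the IDE makes it fail loudly here if the credentials or page change -->
<tr><td>verifyTextPresent</td><td>Welcome, was-scanner-account</td><td></td></tr>

<!-- Navigate past the flight-search form that blocks an ordinary crawl.
     The date is hard-coded: it must be in the future when the scan runs,
     so re-record or edit this value before the date passes -->
<tr><td>open</td><td>/flights/search</td><td></td></tr>
<tr><td>type</td><td>id=depart</td><td>2099-06-15</td></tr>
<tr><td>select</td><td>id=from</td><td>label=Boston (BOS)</td></tr>
<tr><td>select</td><td>id=to</td><td>label=Denver (DEN)</td></tr>
<tr><td>clickAndWait</td><td>id=search</td><td></td></tr>
<!-- Confirms the script reached the results page the scanner should crawl from -->
<tr><td>verifyTextPresent</td><td>Select a flight</td><td></td></tr>
</tbody>
</table>
</body>
</html>
```

Two things are worth checking before handing a recording like this to the scanner. First, replay it in Selenium IDE against the live application so the `verifyTextPresent` rows confirm it still lands where you expect; a script that silently stops at the login page gives you a scan of the unauthenticated surface only. Second, prefer stable locators such as `id=` over the positional XPath the recorder sometimes captures, since the latter breaks the moment the page layout changes.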
