Security Test Sets

This article provides useful information for creating security test sets. Custom security test sets are also available upon request from Cyara support. Read on to learn more.

OWASP Top Ten

The OWASP Top Ten is a list of the current security threats for web applications. Some of them are very content-specific and should be covered by conversational flow tests:

Standard Security Tests

Other points from the list are covered by the standard Security Testing with ZAProxy.

Tip: One point in the list, Insufficient Logging & Monitoring, cannot be covered by tests at all, as it fully depends on the application's logging and monitoring setup.

Custom Test Sets

Several points on the OWASP Top Ten list can be detected by writing custom test sets, simulating the actions of a malicious hacker:

  • Injection (SQL, NoSQL): An attacker might send malicious input that is typically interpreted by SQL or NoSQL databases. If no data store is involved, your application is most likely safe.
  • Cross-Site Scripting (XSS): An attacker might send input that is interpreted by the web browser, injecting malicious functionality into a website. If your chatbot doesn't allow text input, it is most likely safe.

Tip: For these two scenarios, you can contact Cyara Support to request Cyara's Custom Test Sets, which contain malicious input for XSS and SQL injection.

You can then import these files using the Import from file function in Botium and run them against your chatbot: go to Botium Tools & Settings > Test Sets > Test Cases > New > Import from file.

Running XSS and SQL Injection Tests
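To make concrete what a pass or fail in such a test set looks like, here is an added example (not Cyara's or Botium's own code): a small Node.js harness that sends constructed injection-style probes to a chatbot function and flags replies that reflect markup unescaped or leak a database error message. The probe strings, error signatures and the three sample bots are all constructed for illustration.

```javascript
// Added example (not from Cyara or Botium): run injection-style probes through a
// chatbot function and flag replies that look unsafe. Probe strings are
// constructed, low-impact markers, not the contents of a real test set.

const PROBES = [
  { kind: 'xss', input: '<b>probe-7f3a</b>' },
  { kind: 'xss', input: '"><i>probe-7f3a</i>' },
  { kind: 'sqli', input: "probe-7f3a' OR '1'='1" },
  { kind: 'sqli', input: 'probe-7f3a"; --' },
];

// Reply fragments that suggest a data-store error leaked into the bot's answer
// (constructed list; extend it for the databases behind your own bot).
const SQL_ERROR_SIGNATURES = [/SQL syntax/i, /SQLSTATE/, /unterminated quoted string/i, /ORA-\d{5}/];

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// One probe, one reply: an XSS finding if the raw markup comes back verbatim
// (a browser would render it); an SQLi finding if a database error surfaces.
function evaluateReply(probe, reply) {
  const findings = [];
  if (probe.kind === 'xss' && reply.includes(probe.input)) {
    findings.push('xss: probe markup reflected unescaped');
  }
  if (probe.kind === 'sqli' && SQL_ERROR_SIGNATURES.some((re) => re.test(reply))) {
    findings.push('sqli: database error text in reply');
  }
  return findings;
}

// Runs every probe through `bot` (user text -> reply text) and returns only
// the probes that produced findings, so an empty array means the set passed.
function runTestSet(bot, probes = PROBES) {
  return probes
    .map((p) => ({ probe: p, reply: bot(p.input) }))
    .map((r) => ({ ...r, findings: evaluateReply(r.probe, r.reply) }))
    .filter((r) => r.findings.length > 0);
}

// Three constructed bots showing what pass and fail look like.
const naiveEchoBot = (text) => `You said: ${text}`;               // reflects markup as-is
const safeEchoBot = (text) => `You said: ${escapeHtml(text)}`;    // encodes before output
const leakyLookupBot = (text) => (/['"]/.test(text)               // surfaces a DB error on quotes
  ? 'ERROR: unterminated quoted string'
  : `Found 0 results for ${escapeHtml(text)}`);
```

Calling `runTestSet(naiveEchoBot)` reports both XSS probes, `runTestSet(leakyLookupBot)` reports both SQLi probes, and `runTestSet(safeEchoBot)` reports nothing.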