Selenium is a framework for the automated testing of web applications and enables you to record sequences of actions, like entering data in forms and clicking buttons. You can replay Selenium recordings on demand to ensure that the web application behaves as desired.
Consider a use case where a user selects an item to buy, then proceeds through the shopping cart, checkout, and payment option screens to finally process the purchase of the item. There is no way to reach the "Purchase" web page using a direct URL or by simply crawling the site. Organizations can create Selenium test suites for all the use cases of their product, and ensure that difficult-to-reach pages such as the Purchase page are tested correctly.
AppSpider can use Selenium scripts to scan the pages that are important for your use cases. First, AppSpider replays the Selenium scripts and records the network traffic. Then, it generates vulnerability tests based on its knowledge of the visited web pages and their parameters.
AppSpider supports Selenium scripts in a variety of formats, such as:
- Java Selenium scripts (.jar)
- C# Selenium scripts (.exe)
- Custom batched Selenium scripts (.bat)
- Firefox legacy IDE Selenium scripts (.htm)
Selenium Recordings Toolbar
The toolbar contains the following options:
- Restrict scan to Selenium recording - AppSpider will only crawl the pages and test the actions from the Selenium script. AppSpider will not crawl or test any other pages.
- Add - Adds a Selenium file from your filesystem for scanning.
- Bulk Add - Opens the “Bulk Files Import” window so you can add all Selenium files from a selected directory on your filesystem.
- Delete - Removes the selected Selenium file from the list.
- Up - Moves the selected recording higher in the scan queue.
- Down - Moves the selected recording lower in the scan queue.
- Web Driver - Selects the Web Driver (reference: https://www.seleniumhq.org/docs/03_webdriver.jsp) for your Selenium script. The AppSpider install process has an option for you to install the Chrome web driver. If you selected this option, AppSpider will use the default Chrome web driver with which it was installed.
Scan using Selenium recordings
To scan the traffic produced from a Selenium recording:
- Create a Selenium script and save the file on your computer.
Selenium files in this section should assume that the user is already authenticated. Selenium files for authentication should be recorded separately and uploaded to the Authentication tab of the scan config.
- Open the "Selenium Recordings" screen and click Add in the toolbar. This will open the "Open Selenium file" popup.
- Navigate to the location of your Selenium script on the filesystem and select it. The path to the script will now appear in the Selenium Recordings table under the "File Path" column.
- Repeat the previous steps to add multiple Selenium files. If your Selenium files are all under one directory, you can use the Bulk Add button to add multiple Selenium files to your scan.
- If the Selenium files need to be run in a specific order, rearrange the sequence using the Up and Down buttons.
- Select the Restrict to Selenium Files option if you are only interested in the web pages used in your Selenium scripts.
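The purchase use case described above, written as a Firefox legacy IDE Selenium script (.htm). This is an added example, not taken from the AppSpider documentation. The host `shop.example.test`, the paths, the element locators and the form values are hypothetical, and the script contains no login steps because authentication is recorded separately.

```html
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- Constructed base URL for a hypothetical shop; replace with the application under test -->
<link rel="selenium.base" href="https://shop.example.test/" />
<title>purchase_item</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">purchase_item</td></tr>
</thead>
<tbody>
<!-- Each row is one step: command, target (locator or path), value -->
<!-- No login steps here: the session is assumed to be authenticated already -->
<tr><td>open</td><td>/products/42</td><td></td></tr>
<!-- Select the item and walk through the shopping cart -->
<tr><td>clickAndWait</td><td>id=add-to-cart</td><td></td></tr>
<tr><td>clickAndWait</td><td>link=Shopping cart</td><td></td></tr>
<!-- Checkout screen: form fields filled here become parameters in the recorded traffic -->
<tr><td>clickAndWait</td><td>id=checkout</td><td></td></tr>
<tr><td>type</td><td>id=shipping-name</td><td>Test User</td></tr>
<tr><td>type</td><td>id=shipping-address</td><td>1 Example Street</td></tr>
<!-- Payment option screen -->
<tr><td>clickAndWait</td><td>id=continue-to-payment</td><td></td></tr>
<tr><td>click</td><td>id=payment-option-invoice</td><td></td></tr>
<!-- The Purchase page, which cannot be reached by direct URL or by crawling -->
<tr><td>clickAndWait</td><td>id=purchase</td><td></td></tr>
<tr><td>verifyTextPresent</td><td>Order confirmed</td><td></td></tr>
</tbody>
</table>
</body>
</html>
```

Point a recording like this at a test environment with test data, since replaying it submits a real order on the target application.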