Methods for exercising applications
After you install and configure a Contrast agent, thoroughly exercising your applications ensures that Contrast can provide the most accurate information about vulnerabilities.
These application deployment methods can help to exercise as many routes in your application as possible, depending on your tools and environment.
For best results: | Test requirements |
|---|---|
Deploy to a server that receives requests from integration and smoke tests in a CI/CD pipeline. | Existing automation tests |
Users who do manual testing | |
Deploy to server that receives requests from web application test automation tools | Automated tests |
Deploy to a server that receives requests from API testing tools | API testing tools like Postman |
DAST tools like Rapid7 | |
Free tools like Zap | |
Deploy to server that you use in a manual penetration testing environment | Either first or third party pen testers exercising applications |
Deploy to server that you use for BurpSuite-based penetration tests. | Burp (for BurpTrast integration) |
Any user who can authenticate an API | |
No test requirements. |