Using Pown Templates with SecApps Raygun
This page provides an overview of how to use Pown templates with SecApps Raygun, a web security regression testing solution. We will explain what Pown templates are, how to create them, and how to use them to test the security of your web applications.
- pown
- templates
- web security
- regression testing
Pown templates are a powerful way to test the security of your web applications with SecApps Raygun. They are written in YAML and define the tests that Pown will perform.
A basic Pown template consists of one or more "tasks". Each task is a specific action that Pown will perform, such as making an HTTP request or creating a vulnerability. Tasks are executed from top to bottom, and if one task fails to match, the whole execution is aborted.
To create a Pown template, you need to define the tasks that you want to perform. The "request" task is used to make HTTP requests, and it looks like this:
request:
  method: GET
  uri: ${ORIGIN}/path/to/vuln
  match: responseCode === 200
In this example, we are making a GET request to the specified URI, and we are checking to see if the response code is 200. If the response code is not 200, the whole execution is aborted.
The "issue" task is used to create a new vulnerability. It looks like this:
issue:
  signature: abc123 # unique
  title: Vulnerable abc123
  description: Vulnerability description
  level: 9 # critical
In this example, we are creating a new vulnerability with a unique signature, a title, a description, and a level of 9 (which indicates a critical vulnerability).
The "update" task is used to update the status of the Raygun instance or project. It looks like this:
update:
  status: regression
In this example, we are updating the status of the issue to include the keyword "regression". You can use any keyword that you like.
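The execution order described above (tasks run top to bottom, and a failed match aborts everything after it) can be modelled in a few lines of JavaScript. This is an added example, not code from Pown or Raygun: `runTemplate`, `evalMatch`, the shape of the response object, the nesting of `match` under `request`, and the origin `https://app.example.test` are assumptions made for illustration.

```javascript
// Added illustration, not Pown's or Raygun's implementation.
// Assumptions: runTemplate, evalMatch, the response shape, match nested under request.

// Evaluate "<field> === <number>" or "<field> !== <number>" without eval();
// any other expression is rejected rather than executed.
function evalMatch(expr, response) {
  const m = /^\s*(\w+)\s*(===|!==)\s*(\d+)\s*$/.exec(expr);
  if (!m) throw new Error(`unsupported match expression: ${expr}`);
  const [, field, op, num] = m;
  const equal = response[field] === Number(num);
  return op === '===' ? equal : !equal;
}

// Run tasks top to bottom; a request whose match fails aborts everything after it.
// fetchFn(method, uri) stands in for the HTTP client and returns a response object.
function runTemplate(tasks, env, fetchFn) {
  const result = { issues: [], status: null, aborted: false };
  for (const task of tasks) {
    if (task.request) {
      const uri = task.request.uri.replace('${ORIGIN}', env.ORIGIN);
      const response = fetchFn(task.request.method, uri);
      if (!evalMatch(task.request.match, response)) {
        result.aborted = true;
        break;
      }
    } else if (task.issue) {
      result.issues.push(task.issue);
    } else if (task.update) {
      result.status = task.update.status;
    }
  }
  return result;
}

// The three tasks from this page, in the order they would appear in a template.
const tasks = [
  { request: { method: 'GET', uri: '${ORIGIN}/path/to/vuln', match: 'responseCode === 200' } },
  { issue: { signature: 'abc123', title: 'Vulnerable abc123',
             description: 'Vulnerability description', level: 9 } },
  { update: { status: 'regression' } },
];

// Constructed responses: the path still answers 200, or it has been removed.
const env = { ORIGIN: 'https://app.example.test' };
const stillVulnerable = () => ({ responseCode: 200 });
const fixed = () => ({ responseCode: 404 });

console.log(runTemplate(tasks, env, stillVulnerable));
console.log(runTemplate(tasks, env, fixed));
```

Because the issue and update tasks sit after the request, they only take effect when the request's match succeeds; with the 404 response the run aborts and no issue is recorded.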
Once you have created your Pown template, you can add it to your Raygun project. To do this, go to the "Template" section of your project and paste in the template code. You can then run the template as part of your regression testing process.
In conclusion, Pown templates are a powerful way to test the security of your web applications with SecApps Raygun. They allow you to define and run specific tests for vulnerabilities, and fix any issues that are found. For more information on how to use Pown templates, please refer to the Pown documentation.