ING provides a set of BDD security tests with Calabash, Cucumber and Ruby, following the OWASP Mobile Security Testing Guide and the OWASP Mobile Top 10 2016, that can be easily customized and implemented through the entire CI/CD pipeline.
The docker container can be used to spin up Calabash and the Android tools. Follow the README in the docker folder.
At the moment the docker container can only be used to test Android applications. If you want to run iOS tests, you need to install Calabash natively on macOS.
The repo contains a simple test that can be used as a sample to check that everything works.
The repo's structure is based on the OWASP Mobile Application Security Verification Standard and the corresponding tests from the OWASP Mobile Security Testing Guide. For each test many features are defined with the corresponding steps.
To contribute new tests, the best way is to first identify which command will be useful to automate specific controls. Follow these steps:
Follow the Wiki to check how to create pull requests.
The following BDD tests have been tested using the following OWASP vulnerable apps as test cases: