
Schema-Based Testing Setup

This article describes how to enable and configure Wallarm's Schema-Based Testing.

Enable

Schema-Based Testing is disabled by default. To enable:

  1. If you do not see the Security Testing → Schema-Based section in Wallarm Console, contact the Wallarm support team to enable it.

  2. Go to the Security Testing → Schema-Based → Test policies tab and create at least one policy.

Prerequisites - token

Schema-Based Testing requires a token to authorize data exchange between Patrol's running Docker container and Wallarm Cloud. The token can be created in two ways:

  • Automatically - Schema-Based Testing creates the token and includes it in the docker run command the first time you copy the Docker command from any policy. Other policies reuse the existing token.

  • Manually - in Wallarm Console, go to Settings → API Tokens and click New token; on creation, set Token usage to Schema-Based Testing agent. All policies will use this token.

Configure test policies

A test policy persistently defines:

  • Application's OpenAPI specification

  • Tests to run

Besides the persistent parameters, which are the same for every test run, each test policy may optionally include parameters that can be redefined on each test run (Runtime parameters). Redefining the runtime parameters is useful when embedding Docker into CI/CD pipelines:

  • Application's Target URL

    (although it can be redefined on each run, an initial value is required)

  • Authentication parameters

To configure a test policy:

  1. Go to Wallarm Console → Security Testing → Schema-Based → Test policies.

  2. Click Add policy and attach the OpenAPI specification file.

  3. Select test types to run.

  4. Set Target URL (can be re-defined dynamically during each test run).

  5. Optionally, add other Runtime parameters.

    Schema-Based Testing - creating test policy

You can edit previously created policies: clicking the policy itself opens its Docker command info, while clicking the edit button opens the edit dialog:

Schema-Based Testing - editing test policy

Docker run

Once a test policy is created, it provides the Docker run command that lets you start tests for your application:

  1. Go to Wallarm Console → Security Testing → Schema-Based → Test policies.

  2. Click your policy. The policy's Docker command will be displayed.

    Schema-Based Testing - test policy Docker command

  3. Copy the command and run it, or embed it into your CI/CD pipeline. This runs the security tests selected in the policy against your application.

    Remember that you can re-define the policy's Runtime parameters on each run by adding the corresponding -e parameters to the Docker run command, for example:

    -e TARGET_URL="http://dvapi.st.wallarm.tools" 
    -e AUTH_HEADER="Authorization: Bearer <VALUE>"
    
  4. View run statistics and test run results on the Test runs tab.
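
An added example, not part of the Wallarm documentation, of supplying the runtime parameters from step 3 in a CI job: it validates the target URL and passes `AUTH_HEADER` by name only, so `docker run` reads the value from the job's environment and the bearer token does not appear on the command line or in echoed logs. The function names, `STAGING_URL`, `TOKEN_FROM_CI_SECRET` and the sample values are assumptions; the rest of the command is whatever the policy displays.

```bash
# Added example: runtime-parameter overrides for a CI job.
# TARGET_URL and AUTH_HEADER are the names shown on this page; function
# names and sample values are constructed for illustration.

# Accept only http(s) URLs built from a conservative character set, so an
# empty or mistyped CI variable fails the job instead of reaching docker.
valid_target_url() {
  case "$1" in
    *[!A-Za-z0-9:/._~%?\&=+-]*) return 1 ;;  # space, quote, semicolon, etc.
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the override arguments, one per line.
# "-e AUTH_HEADER" (no "=value") makes docker copy the variable from the
# calling environment, keeping the token out of the argument list.
runtime_overrides() {
  target_url=$1
  if ! valid_target_url "$target_url"; then
    echo "invalid TARGET_URL" >&2
    return 1
  fi
  if [ -z "${AUTH_HEADER:-}" ]; then
    echo "AUTH_HEADER is not set in the environment" >&2
    return 1
  fi
  printf '%s\n' -e "TARGET_URL=$target_url" -e AUTH_HEADER
}

# Usage in a bash CI step (hypothetical variable names):
#   export AUTH_HEADER="Authorization: Bearer $TOKEN_FROM_CI_SECRET"
#   mapfile -t overrides < <(runtime_overrides "$STAGING_URL")
#   docker run "${overrides[@]}" ...rest of the command copied from the policy...
```

The overrides must be placed before the image name in the copied command; arguments after the image name are passed to the container instead of to `docker run`.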

Deleting policies

You can delete a test policy. If you do so:

  • Information on previous test runs will remain untouched

  • You will not be able to run the Docker command based on the deleted policy

  • If the policy's Docker containers are running, they will continue to do so

  • When the policy's Docker containers stop, you will not be able to re-run them