Websecurify


Run Cohesion With Maven

To run Websecurify Cohesion as part of the verify stage of your Maven project, follow these steps.

Step 1

First we need to configure an application server environment. For Jetty, add the following lines to your pom:

...
<plugin>
    <groupId>org.mortbay.jetty</groupId>
    <artifactId>maven-jetty-plugin</artifactId>
    <version>6.1.16</version>
    <configuration>
        <scanIntervalSeconds>10</scanIntervalSeconds>
        <stopPort>8005</stopPort>
        <stopKey>STOP</stopKey>
        <contextPath>/</contextPath>
    </configuration>
    <executions>
        <execution>
            <id>start-jetty</id>
            <phase>pre-integration-test</phase>
            <goals>
                <goal>run</goal>
            </goals>
            <configuration>
                <scanIntervalSeconds>0</scanIntervalSeconds>
                <daemon>true</daemon>
            </configuration>
        </execution>
        <execution>
            <id>stop-jetty</id>
            <phase>post-integration-test</phase>
            <goals>
                <goal>stop</goal>
            </goals>
        </execution>
    </executions>
</plugin>
...

The Tomcat configuration is slightly different:

...
<plugin>
    <groupId>org.apache.tomcat.maven</groupId>
    <artifactId>tomcat6-maven-plugin</artifactId>
    <version>2.0-SNAPSHOT</version>
    <configuration>
        <path>/</path>
    </configuration>
    <executions>
        <execution>
            <id>start-tomcat</id>
            <phase>pre-integration-test</phase>
            <goals>
                <goal>run</goal>
            </goals>
        </execution>
        <execution>
            <id>stop-tomcat</id>
            <phase>post-integration-test</phase>
            <goals>
                <goal>stop</goal>
            </goals>
        </execution>
    </executions>
</plugin>
...

These configurations will launch Jetty or Tomcat with your application during the integration testing phase. Make sure that you select the right version of the plugins.

Step 2

The second step is to make sure that Websecurify Cohesion runs during the integration phase. This is done with the following XML snippet:

...
<plugin>
    <groupId>com.websecurify</groupId>
    <artifactId>cohesion</artifactId>
    <version>1.1.0-SNAPSHOT</version>
    <configuration>
        <target>http://localhost:8080/</target>
    </configuration>
    <executions>
        <execution>
            <id>websecurify-scan</id>
            <phase>integration-test</phase>
            <goals>
                <goal>scan</goal>
            </goals>
        </execution>
    </executions>
</plugin>
...

Make sure to select the right version of Websecurify Cohesion. Additionally, you need to point the tool to the right target URL.

Step 3

This is enough for a standard Maven project. To run the integration tests, type the following command:

mvn verify

This command will launch Jetty/Tomcat and start Websecurify Cohesion to perform an assessment of the application. If Websecurify Cohesion identifies any critical issues with the application, the phase will exit with a failure.
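Before wiring this into CI, it helps to confirm that the three steps are bound to the right phases and that the scan target is the locally started server rather than some other host. The script below is an added example, not part of Websecurify Cohesion or the original page; the check_pom name, the loopback rule, and the minimal project wrapper around the sample are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the Jetty and Cohesion fragments from the steps, trimmed,
# inside a minimal <project> wrapper (the wrapper is an assumption).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins>
  <plugin><artifactId>maven-jetty-plugin</artifactId><executions>
    <execution><phase>pre-integration-test</phase><goals><goal>run</goal></goals></execution>
    <execution><phase>post-integration-test</phase><goals><goal>stop</goal></goals></execution>
  </executions></plugin>
  <plugin><artifactId>cohesion</artifactId>
    <configuration><target>http://localhost:8080/</target></configuration>
    <executions>
    <execution><phase>integration-test</phase><goals><goal>scan</goal></goals></execution>
    </executions></plugin>
</plugins></build></project>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
SERVERS = {"maven-jetty-plugin", "tomcat6-maven-plugin"}  # plugins named on this page

def check_pom(pom_xml):
    """Return a list of problems; an empty list means the wiring matches the steps."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the POM namespace, if present
    bound, target = {}, ""  # bound: artifactId -> set of (phase, goal) pairs
    for plugin in root.iter("plugin"):
        artifact = plugin.findtext("artifactId", "").strip()
        pairs = bound.setdefault(artifact, set())
        for ex in plugin.iter("execution"):
            phase = ex.findtext("phase", "").strip()
            pairs.update((phase, g.text.strip()) for g in ex.iter("goal") if g.text)
        if artifact == "cohesion":
            target = plugin.findtext("configuration/target", "").strip()
    problems = []
    if ("integration-test", "scan") not in bound.get("cohesion", set()):
        problems.append("cohesion scan is not bound to integration-test")
    server_pairs = set().union(*(bound[a] for a in bound if a in SERVERS))
    if ("pre-integration-test", "run") not in server_pairs:
        problems.append("no server started in pre-integration-test")
    if ("post-integration-test", "stop") not in server_pairs:
        problems.append("no server stopped in post-integration-test")
    host = urlparse(target).hostname
    if host not in LOOPBACK:  # the scanner should only hit the server this build started
        problems.append(f"scan target host {host!r} is not loopback")
    return problems

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM) or "pom wiring OK")
```
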
