Framework for Application Security Testing (FAST) by Wallarm

Additional Info

Company: Wallarm
Website: https://wallarm.com/
Company size (employees): 50 to 99
Type of solution: Software

Overview

Wallarm Framework for Application Security Testing (FAST) enables ongoing security testing as part of CI/CD. With continuous integration and continuous deployment, applications are no longer shrink-wrapped software; they are a service. To protect this service, security and test automation need to become a continuous service as well.

Wallarm FAST is focused on server-side application security testing. It generates application test baselines by analyzing all incoming HTTP requests. To implement this, the initial unit and smoke test traffic is proxied through an easy-to-deploy Wallarm FAST proxy. For each baseline, a set of tests is generated using fuzzing and the Wallarm threat database, which includes payloads for common attacks such as XSS, SQLi, RCE, and path traversal. Wallarm FAST then runs these sets of tests. Test runs can be started manually or initiated by events in the CI/CD environment, such as build completion. Wallarm FAST is designed to be a flexible test environment and to provide Test Automation As A Service (TAaaS).

It is stack independent and will test applications developed in .NET, Java, Python, Ruby, PHP, and other development environments. Tests can be run locally or from the Wallarm Cloud service, allowing DevOps full configuration control without having to worry about deployment environment, scale, or flexibility.

FAST supports the following protocols (including nested protocols) for Deep Packet Inspection: HTTP/2.0, REST, JSON, COMET, XML, SOAP, Base64, GZIP, VIEWSTATE, PHP (unserialize).

How we are different

1. DevOps focus on business logic: FAST helps the security team exercise control over security while the application is still in development, without slowing down the development process. The security team defines the policy; DevOps run the automated tests and get immediate, actionable results.
2. Actionable results: Wallarm FAST makes test results actionable. Search all test cases and test run results by time, tag, or TestRunID to drill into more detail. Quickly see which APIs may present a problem and examine a sample exploit for every vulnerability.
3. Increase test coverage: Wallarm FAST automatically generates a suite of tests for your application using our unique fuzzing technology and re-captured hacker intelligence.