Automated tests for security vulnerabilities can help strengthen components and prevent possible regressions.
In order to write automated tests for vulnerabilities, you have a number of options:
How many of these tests should you add? That depends on the risks for the component you’re working on. We can never achieve 100% security, so the question is how much we should invest in getting close to where we want to be. Overall, it’s better to add too many tests, if it’s easy, than too few. If they prove to be slow, you can always run them automatically only during the nightly builds – and there are usually ways to speed them up if needed.
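One way to split cheap regression checks from a broader sweep that only runs in the nightly build, as an added example that is not code from the original page. The component `resolve_upload`, the `BASE_DIR` path, the sample inputs and the `NIGHTLY=1` environment variable are all assumptions made for illustration.

```python
import itertools
import os
import posixpath
import unittest

BASE_DIR = "/srv/app/uploads"  # constructed upload root for this example

def resolve_upload(name):
    """Hypothetical component under test: map a user-supplied name into BASE_DIR."""
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, name))
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise ValueError("path escapes upload directory")
    return candidate

class FastRegression(unittest.TestCase):
    """Cheap checks for every commit: pin the inputs behind a fixed bug."""
    def test_known_bad_names_rejected(self):
        # Constructed inputs; "../uploads_evil/x" guards against prefix-only checks.
        for name in ("../../etc/passwd", "/etc/passwd", "a/../../b", "../uploads_evil/x"):
            with self.subTest(name=name):
                self.assertRaises(ValueError, resolve_upload, name)

    def test_legitimate_name_accepted(self):
        self.assertEqual(resolve_upload("2024/report.pdf"), BASE_DIR + "/2024/report.pdf")

class NightlyExhaustive(unittest.TestCase):
    """Broader sweep, skipped unless the nightly job sets NIGHTLY=1 (assumed name)."""
    def setUp(self):
        if os.environ.get("NIGHTLY") != "1":
            self.skipTest("exhaustive sweep runs in the nightly build only")

    def test_no_segment_combination_escapes(self):
        for depth in range(1, 7):
            for combo in itertools.product(("..", ".", "a", "", "/"), repeat=depth):
                try:
                    resolved = resolve_upload("/".join(combo))
                except ValueError:
                    continue  # rejected input: nothing further to check
                # Independent of the implementation: accepted names stay under BASE_DIR.
                self.assertTrue(resolved == BASE_DIR or resolved.startswith(BASE_DIR + "/"))
                self.assertNotIn("..", resolved.split("/"))

def run_suite():
    loader = unittest.defaultTestLoader
    cases = (FastRegression, NightlyExhaustive)
    suite = unittest.TestSuite(loader.loadTestsFromTestCase(c) for c in cases)
    result = unittest.TestResult()
    suite.run(result)
    return result
```

The commit pipeline runs the suite as is, and the nightly job exports `NIGHTLY=1` before running the same suite.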