there is no security testing ovirt web interface.
we probably have a lot of easily fixable problems.
I've just discovered about ZAP
make poc with basic tests as jenkins job [to be yaml|has]
decide whether we want to progress and customize or hand it for that to QE's.
let's not forget that the problem here is not something that can be completely solved with automation
- it's a holistic problem we need to always be aware of...