diff --git a/.brightsec/tests/delete-rmuser-sampleuser.test.ts b/.brightsec/tests/delete-rmuser-sampleuser.test.ts
new file mode 100644
index 00000000..5e4aa666
--- /dev/null
+++ b/.brightsec/tests/delete-rmuser-sampleuser.test.ts
@@ -0,0 +1,33 @@
+import { test, before, after } from 'node:test';
+import { Severity, AttackParamLocation, HttpMethod } from '@sectester/scan';
+import { SecRunner } from '@sectester/runner';
+
+let runner!: SecRunner;
+
+before(async () => {
+ runner = new SecRunner({
+ hostname: process.env.BRIGHT_HOSTNAME!,
+ projectId: process.env.BRIGHT_PROJECT_ID!
+ });
+
+ await runner.init();
+});
+
+after(() => runner.clear());
+
+const timeout = 40 * 60 * 1000;
+const baseUrl = process.env.BRIGHT_TARGET_URL!;
+
+test('DELETE /rmuser/sampleUser', { signal: AbortSignal.timeout(timeout) }, async () => {
+ await runner
+ .createScan({
+ tests: ['csrf', 'bopla', 'excessive_data_exposure', 'mass_assignment', 'secret_tokens'],
+ attackParamLocations: [AttackParamLocation.PATH]
+ })
+ .threshold(Severity.CRITICAL)
+ .timeout(timeout)
+ .run({
+ method: HttpMethod.DELETE,
+ url: `${baseUrl}/rmuser/sampleUser`
+ });
+});
diff --git a/.brightsec/tests/post-adduser.test.ts b/.brightsec/tests/post-adduser.test.ts
new file mode 100644
index 00000000..bc023841
--- /dev/null
+++ b/.brightsec/tests/post-adduser.test.ts
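Review bot: The non-null assertions on `process.env.BRIGHT_HOSTNAME!`, `BRIGHT_PROJECT_ID!` and `BRIGHT_TARGET_URL!` only silence the compiler; when a variable is unset the runner is built with `undefined` and the scan URL becomes `undefined/rmuser/sampleUser`, so a configuration mistake surfaces as a late, unclear runner error instead of failing fast. A guard per variable such as `const hostname = process.env.BRIGHT_HOSTNAME; if (!hostname) throw new Error('BRIGHT_HOSTNAME is not set');` fixes that. `after(() => runner.clear())` also dereferences `runner` when `before` threw before assigning it, so an init failure is reported as a TypeError from the after hook; `let runner: SecRunner | undefined;` with `after(() => runner?.clear());` keeps the original error visible. Both points apply equally to post-adduser.test.ts in the next hunk. Nothing in the hunk creates `sampleUser` before the DELETE scan, so if the target lacks it the scan presumably only exercises the not-found response; a `before` step that creates the fixture user would make the scan meaningful.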
@@ -0,0 +1,35 @@
+import { test, before, after } from 'node:test';
+import { Severity, AttackParamLocation, HttpMethod } from '@sectester/scan';
+import { SecRunner } from '@sectester/runner';
+
+let runner!: SecRunner;
+
+before(async () => {
+ runner = new SecRunner({
+ hostname: process.env.BRIGHT_HOSTNAME!,
+ projectId: process.env.BRIGHT_PROJECT_ID!
+ });
+
+ await runner.init();
+});
+
+after(() => runner.clear());
+
+const timeout = 40 * 60 * 1000;
+const baseUrl = process.env.BRIGHT_TARGET_URL!;
+
+test('POST /adduser', { signal: AbortSignal.timeout(timeout) }, async () => {
+ await runner
+ .createScan({
+ tests: ['mass_assignment', 'excessive_data_exposure', 'csrf', 'xss', 'secret_tokens'],
+ attackParamLocations: [AttackParamLocation.BODY]
+ })
+ .threshold(Severity.CRITICAL)
+ .timeout(timeout)
+ .run({
+ method: HttpMethod.POST,
+ url: `${baseUrl}/adduser`,
+ body: JSON.stringify({ username: 'sampleUser', password: 'samplePass' }),
+ headers: { 'Content-Type': 'application/json' }
+ });
+});
diff --git a/README.md b/README.md
index d65e15af..33e038dc 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+test
+ Mosca   [![Build Status](https://travis-ci.org/mcollina/mosca.svg)](https://travis-ci.org/mcollina/mosca)  [![Coverage Status](https://coveralls.io/repos/mcollina/mosca/badge.svg)](https://coveralls.io/r/mcollina/mosca) ====================
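Review bot: The scan POSTs a fixed `username: 'sampleUser', password: 'samplePass'` body, so every run presumably leaves (or re-attempts) an account with a known password on the scan target, and a second run may hit a duplicate-user response rather than the creation path the test is meant to cover. A per-run username, e.g. `username: \`sampleUser-${Date.now()}\``, removed again in `after`, or a comment stating that the target environment is disposable, would avoid both the leftover account and the non-deterministic result. Style: the `before`/`after` setup, `timeout` and `baseUrl` lines are duplicated verbatim from delete-rmuser-sampleuser.test.ts in the previous hunk; a shared helper in `.brightsec/tests/` (say `setupRunner()`) would keep the two files from drifting.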