Ramona Schwering
Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes
Using Plants vs Zombies as a web security metaphor
The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
#2about 2 minutes
Why use existing test frameworks for security
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
#3about 2 minutes
Understanding risks with the OWASP Top 10
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
#4about 6 minutes
Writing end-to-end tests for injection attacks
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
#5about 2 minutes
Testing for broken access control vulnerabilities
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
#6about 1 minute
How test frameworks can detect cryptographic failures
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
#7about 2 minutes
Augmenting tests with specialized security tools
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
#8about 2 minutes
Integrating security tests into your development pipeline
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
#9about 2 minutes
Key takeaways for automated security testing
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
00:24 MIN
Using automated tests as a line of defense
It's a (testing) trap! - Common testing pitfalls and how to solve them
01:01 MIN
Using automated tests as a web security defense
Plants vs. Thieves: Automated Tests in the World of Web Security
14:17 MIN
Hands-on security training for developers
How GitHub secures open source
44:24 MIN
Q&A on Web3 testing tools and security practices
Testing web3 applications
00:03 MIN
From vulnerability researcher to automated security founder
The transformative impact of GenAI for software development and its implications for cybersecurity
17:39 MIN
Using plugins and tools for unknown vulnerabilities
Plants vs. Thieves: Automated Tests in the World of Web Security
08:08 MIN
Writing end-to-end tests for injection vulnerabilities
Plants vs. Thieves: Automated Tests in the World of Web Security
01:10 MIN
Making web application security accessible to developers
What The Hack is Web App Sec?
Featured Partners
Related Videos
24:09Plants vs. Thieves: Automated Tests in the World of Web Security
24:19It's a (testing) trap! - Common testing pitfalls and how to solve them
Ramona Schwering
54:23Let's get visual - Visual testing in your project
Ramona Schwering
24:01What The Hack is Web App Sec?
Jackie
53:58Testing web3 applications
Soumaya Erradi
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
42:40Building Security Champions
Tanya Janca
44:40Enabling automated 1-click customer deployments with built-in quality and security
Christoph Ruggenthaler
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
