The "Plants vs. Zombies" game is used as an analogy to frame automated tests as a protective measure against security threats.
The OWASP Top 10 project is introduced, focusing on broken access control, cryptographic failures, and injection as key vulnerabilities to test for.
Practical code examples demonstrate how to write automated tests to detect cross-site scripting (XSS), CSRF, and SQL injection vulnerabilities.
Configure Cypress to check for the presence and correctness of Content Security Policy (CSP) headers to prevent certain types of injection attacks.
Cover authentication flows with dedicated tests, including negative test cases for invalid credentials, to prevent unauthorized access.
Cypress automatically fails tests on non-HTTPS sites, providing a built-in check for basic cryptographic failures like missing SSL/TLS certificates.
Beyond writing test cases, use tools for static analysis (SAST), dynamic analysis (DAST), and dependency scanning to find vulnerabilities you might not know about.
Adopt a repeatable process that involves learning your app's vulnerabilities, creating a test plan, writing targeted tests, and integrating them into your CI/CD pipeline.
Test automation is a powerful complement to other security measures, simple test cases are highly effective, and all testing types can be utilized.
Frame security tests as a "messenger" that automates vigilance, saving developers cognitive load and protecting user trust by catching issues early.
Sensory-Minds GmbH
Offenbach am Main, Germany
24:09Ramona Schwering
24:09
28:12Luise Freese
43:07Golo Roden
25:38Ramona Schwering
28:41Alexander Pirker
44:59Ramona Schwering
26:20Augustin Gottlieb
Jobs that call for the skills explored in this talk.
Kastgroup
Wallisellen, Switzerland
Kastgroup
Wallisellen, Switzerland
Cloudspace LLC
New York, United States of America
Kite IT GmbH
Mannheim, Germany
SVA System Vertrieb Alexander GmbH
