Plants vs. Thieves: Automated Tests in the World of Web Security

Your existing test framework is your best first defense. Learn to write automated security tests with Cypress to catch vulnerabilities before they reach production.

Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 4 minutes

Using automated tests as a web security defense

The game "Plants vs. Zombies" serves as an allegory for using existing testing frameworks as a cost-effective alternative to buying dedicated security tools.

#2about 3 minutes

Identifying top security risks with the OWASP Top 10

The OWASP Top 10 list is the best resource for identifying common web application vulnerabilities to focus your testing efforts on.

#3about 6 minutes

Writing end-to-end tests for injection vulnerabilities

A practical example shows how to write a Cypress test to detect an SQL injection vulnerability by asserting that a malicious login attempt fails.

#4about 2 minutes

Testing for broken access control with negative tests

A negative test case demonstrates how to verify that a user without proper permissions is blocked from accessing a protected administration page.

#5about 1 minute

How Cypress helps detect cryptographic failures

Cypress tests will automatically fail if an application attempts to navigate from an encrypted HTTPS page to an unencrypted HTTP page, helping enforce security.

#6about 2 minutes

Using plugins and tools for unknown vulnerabilities

Augment your custom test cases with open-source tools and plugins to discover security risks you may not be aware of.

#7about 2 minutes

Integrating security tests into your CI/CD pipeline

A five-step process outlines how to incorporate security testing into your workflow, from risk analysis and planning to execution in nightly builds.

#8about 2 minutes

Key takeaways for improving application security

Test automation is a powerful complement to your security strategy, especially when simple negative tests are combined with tools and applied across all testing types.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

See all videos
Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

Ramona Schwering

It's a (testing) trap! - Common testing pitfalls and how to solve them24:19

It's a (testing) trap! - Common testing pitfalls and how to solve them

Ramona Schwering

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Let's get visual - Visual testing in your project54:23

Let's get visual - Visual testing in your project

Ramona Schwering

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

From learning to earning

Jobs that call for the skills explored in this talk.

Security Engineer

UserTesting, Inc.
Edinburgh, United Kingdom

Remote
DevOps
Terraform
Amazon Web Services (AWS)