Ramona Schwering

Plants vs. Thieves: Automated Tests in the World of Web Security

In the game of web security, your tests are the plants and hackers are the zombies. Learn how to build a powerful, automated defense using tools you already know.

Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes

Using Plants vs Zombies as a web security metaphor

The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.

#2about 2 minutes

Why use existing test frameworks for security

Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.

#3about 2 minutes

Understanding risks with the OWASP Top 10

The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.

#4about 6 minutes

Writing end-to-end tests for injection attacks

A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.

#5about 2 minutes

Testing for broken access control vulnerabilities

Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.

#6about 1 minute

How test frameworks can detect cryptographic failures

Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.

#7about 2 minutes

Augmenting tests with specialized security tools

Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.

#8about 2 minutes

Integrating security tests into your development pipeline

A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.

#9about 2 minutes

Key takeaways for automated security testing

Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Balancing business, technology, and people for holistic success
06:51 MIN

Balancing business, technology, and people for holistic success

The Future of HR Lies in AND – Not in OR

Shifting from talent acquisition to talent architecture
03:28 MIN

Shifting from talent acquisition to talent architecture

The Future of HR Lies in AND – Not in OR

How AI can create more human moments in HR
03:13 MIN

How AI can create more human moments in HR

The Future of HR Lies in AND – Not in OR

The importance of a fighting spirit to avoid complacency
06:04 MIN

The importance of a fighting spirit to avoid complacency

The Future of HR Lies in AND – Not in OR

Moving from 'or' to 'and' thinking in HR strategy
06:59 MIN

Moving from 'or' to 'and' thinking in HR strategy

The Future of HR Lies in AND – Not in OR

Understanding global differences in work culture and motivation
06:10 MIN

Understanding global differences in work culture and motivation

The Future of HR Lies in AND – Not in OR

Navigating ambiguity as a core HR competency
04:22 MIN

Navigating ambiguity as a core HR competency

The Future of HR Lies in AND – Not in OR

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Featured Partners

Related Videos

Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

It's a (testing) trap! - Common testing pitfalls and how to solve them24:19

It's a (testing) trap! - Common testing pitfalls and how to solve them

Ramona Schwering

Let's get visual - Visual testing in your project54:23

Let's get visual - Visual testing in your project

Ramona Schwering

Security Blindspots and How to Learn About Them - Anna Oliveira26:28

Security Blindspots and How to Learn About Them - Anna Oliveira

Anna Oliveira

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Let's get visual - Visual testing in your project44:59

Let's get visual - Visual testing in your project

Ramona Schwering

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
DC
Daniel Cranney
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

From learning to earning

Jobs that call for the skills explored in this talk.