Ramona Schwering

Plants vs. Thieves: Automated Tests in the World of Web Security

In the game of web security, your tests are the plants and hackers are the zombies. Learn how to build a powerful, automated defense using tools you already know.

Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes

Using Plants vs Zombies as a web security metaphor

The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.

#2about 2 minutes

Why use existing test frameworks for security

Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.

#3about 2 minutes

Understanding risks with the OWASP Top 10

The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.

#4about 6 minutes

Writing end-to-end tests for injection attacks

A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.

#5about 2 minutes

Testing for broken access control vulnerabilities

Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.

#6about 1 minute

How test frameworks can detect cryptographic failures

Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.

#7about 2 minutes

Augmenting tests with specialized security tools

Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.

#8about 2 minutes

Integrating security tests into your development pipeline

A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.

#9about 2 minutes

Key takeaways for automated security testing

Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.

Related jobs
Jobs that call for the skills explored in this talk.

Manual QA Engineer

Eltemate

Eltemate
Amsterdam, Netherlands

Intermediate
Senior
Test Planning
Manual Testing
+1

Matching moments

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Scripting presentations and demos in VS Code
14:14 MIN

Scripting presentations and demos in VS Code

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Building trust through honest developer advocacy
02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Getting hired by contributing to open source projects
05:32 MIN

Getting hired by contributing to open source projects

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Featured Partners

Related Videos

Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

It's a (testing) trap! - Common testing pitfalls and how to solve them24:19

It's a (testing) trap! - Common testing pitfalls and how to solve them

Ramona Schwering

Let's get visual - Visual testing in your project54:23

Let's get visual - Visual testing in your project

Ramona Schwering

Security Blindspots and How to Learn About Them - Anna Oliveira26:28

Security Blindspots and How to Learn About Them - Anna Oliveira

Anna Oliveira

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Let's get visual - Visual testing in your project44:59

Let's get visual - Visual testing in your project

Ramona Schwering

Testing web3 applications53:58

Testing web3 applications

Soumaya Erradi

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?

From learning to earning

Jobs that call for the skills explored in this talk.