Ramona Schwering

Plants vs. Thieves: Automated Tests in the World of Web Security

In the game of web security, your tests are the plants and hackers are the zombies. Learn how to build a powerful, automated defense using tools you already know.

#1 (about 3 minutes)

Using Plants vs Zombies as a web security metaphor

The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.

#2 (about 2 minutes)

Why use existing test frameworks for security

Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.

#3 (about 2 minutes)

Understanding risks with the OWASP Top 10

The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.

#4 (about 6 minutes)

Writing end-to-end tests for injection attacks

A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.

#5 (about 2 minutes)

Testing for broken access control vulnerabilities

Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.

#6 (about 1 minute)

How test frameworks can detect cryptographic failures

Modern testing frameworks like Cypress can help detect cryptographic failures out of the box, because they raise an error when an application attempts to navigate from an encrypted (HTTPS) page to an unencrypted (HTTP) one.

#7 (about 2 minutes)

Augmenting tests with specialized security tools

Since the tests you write yourself only cover risks you already know about, integrating open-source tools and plugins can help discover unknown vulnerabilities and strengthen your security posture.

#8 (about 2 minutes)

Integrating security tests into your development pipeline

A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.

#9 (about 2 minutes)

Key takeaways for automated security testing

Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
