Ramona Schwering

Plants vs. Thieves: Automated Tests in the World of Web Security

In the game of web security, your tests are the plants and hackers are the zombies. Learn how to build a powerful, automated defense using tools you already know.

Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes

Using Plants vs Zombies as a web security metaphor

The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.

#2about 2 minutes

Why use existing test frameworks for security

Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.

#3about 2 minutes

Understanding risks with the OWASP Top 10

The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.

#4about 6 minutes

Writing end-to-end tests for injection attacks

A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.

#5about 2 minutes

Testing for broken access control vulnerabilities

Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.

#6about 1 minute

How test frameworks can detect cryptographic failures

Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.

#7about 2 minutes

Augmenting tests with specialized security tools

Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.

#8about 2 minutes

Integrating security tests into your development pipeline

A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.

#9about 2 minutes

Key takeaways for automated security testing

Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.

Related jobs
Jobs that call for the skills explored in this talk.

Angular Developer

Picnic Technologies B.V.
Amsterdam, Netherlands

Intermediate
Senior

Featured Partners

Related Videos

Plants vs. Thieves: Automated Tests in the World of Web Security24:09

Plants vs. Thieves: Automated Tests in the World of Web Security

It's a (testing) trap! - Common testing pitfalls and how to solve them24:19

It's a (testing) trap! - Common testing pitfalls and how to solve them

Ramona Schwering

Measure and improve frontend performance by using test automation25:38

Measure and improve frontend performance by using test automation

Ramona Schwering

How will artificial intelligence change the future of software testing?45:24

How will artificial intelligence change the future of software testing?

Evelyn Haslinger

Let's get visual - Visual testing in your project54:23

Let's get visual - Visual testing in your project

Ramona Schwering

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Testing web3 applications53:58

Testing web3 applications

Soumaya Erradi

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

From learning to earning

Jobs that call for the skills explored in this talk.

Security Engineer

UserTesting, Inc.
Edinburgh, United Kingdom

Remote
DevOps
Terraform
Amazon Web Services (AWS)