Ramona Schwering
Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes
Using Plants vs Zombies as a web security metaphor
The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
#2about 2 minutes
Why use existing test frameworks for security
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
#3about 2 minutes
Understanding risks with the OWASP Top 10
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
#4about 6 minutes
Writing end-to-end tests for injection attacks
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
#5about 2 minutes
Testing for broken access control vulnerabilities
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
#6about 1 minute
How test frameworks can detect cryptographic failures
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
#7about 2 minutes
Augmenting tests with specialized security tools
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
#8about 2 minutes
Integrating security tests into your development pipeline
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
#9about 2 minutes
Key takeaways for automated security testing
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
01:01 MIN
Using automated tests as a web security defense
Plants vs. Thieves: Automated Tests in the World of Web Security
14:17 MIN
Hands-on security training for developers
How GitHub secures open source
44:24 MIN
Q&A on Web3 testing tools and security practices
Testing web3 applications
17:39 MIN
Using plugins and tools for unknown vulnerabilities
Plants vs. Thieves: Automated Tests in the World of Web Security
08:08 MIN
Writing end-to-end tests for injection vulnerabilities
Plants vs. Thieves: Automated Tests in the World of Web Security
20:34 MIN
Applying security tools in test and delivery phases
Securing Your Web Application Pipeline From Intruders
55:17 MIN
Avoiding common security mistakes and giving better feedback
The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks
21:58 MIN
Key takeaways for improving application security
Plants vs. Thieves: Automated Tests in the World of Web Security
Featured Partners
Related Videos
24:09Plants vs. Thieves: Automated Tests in the World of Web Security
24:19It's a (testing) trap! - Common testing pitfalls and how to solve them
Ramona Schwering
25:38Measure and improve frontend performance by using test automation
Ramona Schwering
45:24How will artificial intelligence change the future of software testing?
Evelyn Haslinger
54:23Let's get visual - Visual testing in your project
Ramona Schwering
24:01What The Hack is Web App Sec?
Jackie
53:58Testing web3 applications
Soumaya Erradi
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
From learning to earning
Jobs that call for the skills explored in this talk.