Ramona Schwering
Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 3 minutes
Using Plants vs Zombies as a web security metaphor
The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
#2about 2 minutes
Why use existing test frameworks for security
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
#3about 2 minutes
Understanding risks with the OWASP Top 10
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
#4about 6 minutes
Writing end-to-end tests for injection attacks
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
#5about 2 minutes
Testing for broken access control vulnerabilities
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
#6about 1 minute
How test frameworks can detect cryptographic failures
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
#7about 2 minutes
Augmenting tests with specialized security tools
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
#8about 2 minutes
Integrating security tests into your development pipeline
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
#9about 2 minutes
Key takeaways for automated security testing
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
Related jobs
Jobs that call for the skills explored in this talk.
Power Plus Communications
Mannheim, Germany
Intermediate
Senior
Python
Automated Testing
+1
WALTER GROUP
Wiener Neudorf, Austria
Junior
Intermediate
Python
JavaScript
+1
MARKT-PILOT GmbH
Stuttgart, Germany
Remote
€75-90K
Senior
Java
TypeScript
+1
Matching moments
Featured Partners
Related Videos
24:09Plants vs. Thieves: Automated Tests in the World of Web Security
24:19It's a (testing) trap! - Common testing pitfalls and how to solve them
Ramona Schwering
54:23Let's get visual - Visual testing in your project
Ramona Schwering
26:28Security Blindspots and How to Learn About Them - Anna Oliveira
Anna Oliveira
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
44:59Let's get visual - Visual testing in your project
Ramona Schwering
26:59Security in modern Web Applications - OWASP to the rescue!
Jakub Andrzejewski
24:01What The Hack is Web App Sec?
Jackie
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
ITech Consult AG
Zürich, Switzerland
Remote
CHF166-208K
Java
Scrum
Spring
+3
SAP AG
Berlin, Germany
Kali Linux
Integrity360
PHP
C++
Java
Unix
Ruby
+5
GitLab
Bristol, United Kingdom
£131-282K
API
C++
Gitlab
Burp Suite
+1
GitLab
Sheffield, United Kingdom
£131-282K
API
C++
Gitlab
Burp Suite
+1
GitLab
Glasgow, United Kingdom
£131-282K
API
C++
Gitlab
Burp Suite
+1
Ninedots
Python
CircleCI
Amazon Web Services (AWS)