The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
Wilken GmbH
Ulm, Germany
tree-IT GmbH
Bad Neustadt an der Saale, Germany
24:09
24:19Ramona Schwering
25:38Ramona Schwering
45:24Evelyn Haslinger
54:23Ramona Schwering
26:28Anna Oliveira
24:39Ramona Schwering
24:01Jackie
Jobs that call for the skills explored in this talk.
FUTURETRACK GMBH
Frankfurt am Main, Germany
SVA System Vertrieb Alexander GmbH
SAP AG
Berlin, Germany
Rapid7
CodeConvergence
Charing Cross, United Kingdom
Confiancethales
Canton de Versailles-2, France
Thales Deutschland GmbH
München, Germany
