Plants vs. Thieves: Automated Tests in the World of Web Security
#1about 4 minutes
Using automated tests as a web security defense
The game "Plants vs. Zombies" serves as an allegory for using existing testing frameworks as a cost-effective alternative to buying dedicated security tools.
#2about 3 minutes
Identifying top security risks with the OWASP Top 10
The OWASP Top 10 list is the best resource for identifying common web application vulnerabilities to focus your testing efforts on.
#3about 6 minutes
Writing end-to-end tests for injection vulnerabilities
A practical example shows how to write a Cypress test to detect an SQL injection vulnerability by asserting that a malicious login attempt fails.
#4about 2 minutes
Testing for broken access control with negative tests
A negative test case demonstrates how to verify that a user without proper permissions is blocked from accessing a protected administration page.
#5about 1 minute
How Cypress helps detect cryptographic failures
Cypress tests will automatically fail if an application attempts to navigate from an encrypted HTTPS page to an unencrypted HTTP page, helping enforce security.
#6about 2 minutes
Using plugins and tools for unknown vulnerabilities
Augment your custom test cases with open-source tools and plugins to discover security risks you may not be aware of.
#7about 2 minutes
Integrating security tests into your CI/CD pipeline
A five-step process outlines how to incorporate security testing into your workflow, from risk analysis and planning to execution in nightly builds.
#8about 2 minutes
Key takeaways for improving application security
Test automation is a powerful complement to your security strategy, especially when simple negative tests are combined with tools and applied across all testing types.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
00:45 MIN
Using Plants vs Zombies as a web security metaphor
Plants vs. Thieves: Automated Tests in the World of Web Security
00:24 MIN
Using automated tests as a line of defense
It's a (testing) trap! - Common testing pitfalls and how to solve them
08:08 MIN
Writing end-to-end tests for injection attacks
Plants vs. Thieves: Automated Tests in the World of Web Security
44:24 MIN
Q&A on Web3 testing tools and security practices
Testing web3 applications
21:58 MIN
Key takeaways for automated security testing
Plants vs. Thieves: Automated Tests in the World of Web Security
04:14 MIN
Why use existing test frameworks for security
Plants vs. Thieves: Automated Tests in the World of Web Security
17:39 MIN
Augmenting tests with specialized security tools
Plants vs. Thieves: Automated Tests in the World of Web Security
14:17 MIN
Hands-on security training for developers
How GitHub secures open source
Featured Partners
Related Videos
24:09Plants vs. Thieves: Automated Tests in the World of Web Security
Ramona Schwering
24:19It's a (testing) trap! - Common testing pitfalls and how to solve them
Ramona Schwering
26:59Security in modern Web Applications - OWASP to the rescue!
Jakub Andrzejewski
24:01What The Hack is Web App Sec?
Jackie
26:28Security Blindspots and How to Learn About Them - Anna Oliveira
Anna Oliveira
58:19Typed Security: Preventing Vulnerabilities By Design
Michael Koppmann
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
54:23Let's get visual - Visual testing in your project
Ramona Schwering
From learning to earning
Jobs that call for the skills explored in this talk.
Quality and Security by Design Engineer (m/w/d)
AKDB Anstalt für kommunale Datenverarbeitung in Bayern
München, Germany
Intermediate
Senior
IT Security
Automated Testing
Embedded Security Engineer - Schwachstellenanalyse | Car IT | Secure Coding
Prognum Automotive GmbH
Remote
C++
Professional Penetration Tester
Prosec Gmbh
Vault & PKI Test Automation Engineer / Security QA Engineer
Westhouse Consulting GmbH
Go
API
Java
Bash
Python
+4