Plants vs. Thieves: Automated Tests in the World of Web Security
#1 about 4 minutes
Using automated tests as a web security defense
The game "Plants vs. Zombies" serves as an allegory for using existing testing frameworks as a cost-effective alternative to buying dedicated security tools.
#2 about 3 minutes
Identifying top security risks with the OWASP Top 10
The OWASP Top 10 list is the best resource for identifying common web application vulnerabilities to focus your testing efforts on.
#3 about 6 minutes
Writing end-to-end tests for injection vulnerabilities
A practical example shows how to write a Cypress test to detect an SQL injection vulnerability by asserting that a malicious login attempt fails.
#4 about 2 minutes
Testing for broken access control with negative tests
A negative test case demonstrates how to verify that a user without proper permissions is blocked from accessing a protected administration page.
#5 about 1 minute
How Cypress helps detect cryptographic failures
Cypress tests will automatically fail if an application attempts to navigate from an encrypted HTTPS page to an unencrypted HTTP page, helping enforce security.
#6 about 2 minutes
Using plugins and tools for unknown vulnerabilities
Augment your custom test cases with open-source tools and plugins to discover security risks you may not be aware of.
#7 about 2 minutes
Integrating security tests into your CI/CD pipeline
A five-step process outlines how to incorporate security testing into your workflow, from risk analysis and planning to execution in nightly builds.
#8 about 2 minutes
Key takeaways for improving application security
Test automation is a powerful complement to your security strategy, especially when simple negative tests are combined with tools and applied across all testing types.
Plants vs. Thieves: Automated Tests in the World of Web Security
Ramona Schwering