The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.
24:09
24:19Ramona Schwering
25:38Ramona Schwering
45:24Evelyn Haslinger
54:23Ramona Schwering
44:40Christoph Ruggenthaler
24:01Jackie
2:08:06Antonio de Mello & Amine Abed
Jobs that call for the skills explored in this talk.
Vesterling Consulting GmbH
GULP Information Services GmbH
PVS eSolutions GmbH
PVS eSolutions GmbH
GULP Information Services GmbH