Nov 9, 2024

Plants vs. Thieves: Automated Tests in the World of Web Security

Your existing test framework is your best first defense. Learn to write automated security tests with Cypress to catch vulnerabilities before they reach production.

#1about 4 minutes

Using automated tests as a web security defense

The game "Plants vs. Zombies" serves as an allegory for using existing testing frameworks as a cost-effective alternative to buying dedicated security tools.

#2about 3 minutes

Identifying top security risks with the OWASP Top 10

The OWASP Top 10 list is the best resource for identifying common web application vulnerabilities to focus your testing efforts on.

#3about 6 minutes

Writing end-to-end tests for injection vulnerabilities

A practical example shows how to write a Cypress test to detect an SQL injection vulnerability by asserting that a malicious login attempt fails.

#4about 2 minutes

Testing for broken access control with negative tests

A negative test case demonstrates how to verify that a user without proper permissions is blocked from accessing a protected administration page.

#5about 1 minute

How Cypress helps detect cryptographic failures

Cypress tests will automatically fail if an application attempts to navigate from an encrypted HTTPS page to an unencrypted HTTP page, helping enforce security.

#6about 2 minutes

Using plugins and tools for unknown vulnerabilities

Augment your custom test cases with open-source tools and plugins to discover security risks you may not be aware of.

#7about 2 minutes

Integrating security tests into your CI/CD pipeline

A five-step process outlines how to incorporate security testing into your workflow, from risk analysis and planning to execution in nightly builds.

#8about 2 minutes

Key takeaways for improving application security

Test automation is a powerful complement to your security strategy, especially when simple negative tests are combined with tools and applied across all testing types.

Eltemate
Amsterdam, Netherlands

Intermediate

Senior

TypeScript

Continuous Integration

+1

Eltemate
Amsterdam, Netherlands

Intermediate

Senior

Test Planning

Manual Testing

+1

Power Plus Communications
Mannheim, Germany

Intermediate

Senior

Python

Automated Testing

+1

Comparing the security models of browsers and native apps

05:01 MIN

Comparing the security models of browsers and native apps

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The security challenges of building AI browser agents

06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

Improving the developer feedback loop with specialized tools

03:16 MIN

Improving the developer feedback loop with specialized tools

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Crypto crime, EU regulation, and working while you sleep

01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

The security risks of AI-generated code and slopsquatting

05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Malware campaigns, cloud latency, and government IT theft

01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Playing a game of real or fake tech headlines

04:17 MIN

Playing a game of real or fake tech headlines

WeAreDevelopers LIVE – You Don’t Need JavaScript, Modern CSS and More

Making accessibility tooling actionable and encouraging

03:58 MIN

Making accessibility tooling actionable and encouraging

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Featured Partners

Plants vs. Thieves: Automated Tests in the World of Web Security

Plants vs. Thieves: Automated Tests in the World of Web Security

Ramona Schwering

about a year ago • WeAreDevelopers LIVE

It's a (testing) trap! - Common testing pitfalls and how to solve them

It's a (testing) trap! - Common testing pitfalls and how to solve them

Ramona Schwering

about a year ago • World Congress 2024

Security Blindspots and How to Learn About Them - Anna Oliveira

Security Blindspots and How to Learn About Them - Anna Oliveira

Anna Oliveira

about 2 months ago • Coffee With Developers

Securing Your Web Application Pipeline From Intruders

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

about 5 years ago • WeAreDevelopers LIVE

Let's get visual - Visual testing in your project

Let's get visual - Visual testing in your project

Ramona Schwering

about 3 years ago • WeAreDevelopers LIVE

Security in modern Web Applications - OWASP to the rescue!

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

about 2 years ago • World Congress 2023

What The Hack is Web App Sec?

What The Hack is Web App Sec?

Jackie

about 7 months ago • Coffee With Developers

Let's get visual - Visual testing in your project

Let's get visual - Visual testing in your project

Ramona Schwering

about 4 years ago • JavaScript Congress

Related Articles

View all articles

CH

Chris Heilmann

Dev Digest 138 - Are you secure about this?

Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...

Dev Digest 138 - Are you secure about this?

DC

Daniel Cranney

Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...

Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

Dev Digest 105 - Security First

Last Friday's Dev Digest was mostly about security and game topics, so let's take a look what you didn't get in your inbox. We also covered some brand new online courses to get started as a developer or refresh your knowledge. And we wrapped up CODE1...

Dev Digest 105 - Security First

CH

Chris Heilmann

Dev Digest 112 - The True Crime of AI Development

In last Friday's Dev Digest, we had some great AI news, some worrying security threats and a swipe-aware game in CSS with explanations! News and ArticlesLet's kick off with some AI news. Netflix caused a stir with AI-generated images in a true crime ...

Dev Digest 112 - The True Crime of AI Development

From learning to earning

Jobs that call for the skills explored in this talk.

{"@context":"https://schema.org/","@type":"JobPosting","title":"Penetration Tester

Integrity360

PHP

C++

Java

Unix

Ruby

+5

Test Automation Engineer with Playwright and TypeScript Knowledge

Epam Systems, Inc.
Zürich, Switzerland

Selenium

Cucumber

TypeScript

Tricentis Tosca Testsuite

Customer Security Engineer, Pentesting

Aikido Security
Ghent, Belgium

Remote

Pen Tester | Security Tester

All About Expats
Utrecht, Netherlands

iOS

Java

.NET

Azure

Linux

+4

Product Security Engineer Associate with focus on Pentesting for SAP Signavio

SAP AG
Berlin, Germany

Kali Linux

{"@context":"https://schema.org/","@type":"JobPosting","title":"Penetration Tester

Tesco PLC

£41K

API

Penetration Tester - CHECK Team Member

Digital Waffle

Remote

Junior

Bash

Python

Powershell

Scripting (Bash/Python/Go/Ruby)

Offensive Security Tester Red Team

Client Server
Charing Cross, United Kingdom

Remote

£35-50K

C++

Java

Python

Embedded Security Engineer - Schwachstellenanalyse | Car IT | Secure Coding

Prognum Automotive GmbH
Ulm, Germany

Remote

C++