Ramona Schwering
Plants vs. Thieves: Automated Tests in the World of Web Security
#1 about 3 minutes
Using Plants vs Zombies as a web security metaphor
The popular game Plants vs Zombies serves as an allegory for web security, where plants are countermeasures and zombies are threats to your application.
#2 about 2 minutes
Why use existing test frameworks for security
Writing security tests with familiar frameworks like Cypress or Playwright can be a cost-effective alternative to buying specialized tools and allows you to leverage existing skills.
#3 about 2 minutes
Understanding risks with the OWASP Top 10
The OWASP Top 10 list provides a critical starting point for security testing by ranking the most common web application security risks.
#4 about 6 minutes
Writing end-to-end tests for injection attacks
A practical example demonstrates how to write a Cypress end-to-end test to detect an SQL injection vulnerability in a login form.
#5 about 2 minutes
Testing for broken access control vulnerabilities
Negative tests can verify that users are correctly blocked from accessing protected pages, such as an administration panel, without proper permissions.
#6 about 1 minute
How test frameworks can detect cryptographic failures
Modern testing frameworks like Cypress can inherently help detect cryptographic failures by erroring when an application attempts to navigate from an encrypted (HTTPS) to an unencrypted (HTTP) page.
#7 about 2 minutes
Augmenting tests with specialized security tools
Since manual tests only cover known risks, integrating open-source tools and plugins can help discover unknown vulnerabilities and enhance your security posture.
#8 about 2 minutes
Integrating security tests into your development pipeline
A five-step process for integrating security testing involves risk analysis, planning test layers, writing tests, executing them in pipelines, and iterating on the results.
#9 about 2 minutes
Key takeaways for automated security testing
Test automation is a powerful complement to a security strategy, where even simple negative tests can significantly improve application safety when combined with tools and best practices.