React Summit

React Summit 2022

StackHawk is a dynamic application security testing tool that helps developers find and fix security issues. The scan identified a SQL injection issue and a cross site scripting issue. The StackHawk YAML is used to configure the scanner with important information such as the application's location, environment, and ID. The scanner can also be pointed at open API spec or GraphQL definitions. Try StackHawk for free at stackhawk.com and integrate it into your development process to improve software quality.

Traditional security testing for JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast.

Automated Application Security Testing 

Scott Gerlach

DevOps.js

DevOps.js Conf 2022

StackHawk is a dynamic application security testing tool that helps you find and fix security bugs in your running applications. It runs active security tests on your REST API, GraphQL API, SOAP API, server-side application, and single-page applications. StackHawk ensures that your application handles user input and output safely and follows OWASP top 10 best practices for application security. We make dynamic testing fast by placing the scanner close to the application and using open standards to inform the scanner. The scanner is configured via YAML, and findings are triaged to provide simple descriptions and examples for issue identification and resolution. You can push the identified issues to a JIRA ticket for prioritization and resolution. Once triaged, the scanner will remember the issues and stop notifying you. Start a free trial at stackhawk.com to experience its benefits.

<div>Traditional security testing for JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast.</div> <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Automated Application Security Testing

Node Congress

Node Congress 2022

StackHawk is a dynamic application security testing tool that integrates with CI-CD workflows and simplifies finding and fixing security issues. The scan results include detailed descriptions of identified issues, along with links and request/response details for replaying the attack. The StackHawk YAML configuration allows for specifying application location, environment, and additional options for authentication and scanning exclusions.

Traditional security testing for Node and JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast. You can check the slides for Scotts's talk <a href="https://drive.google.com/file/d/1nRupxCNMRXs3aCi_ymS_EMahjCwjmx8n/view?usp=sharing">here</a>. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Automated Application Security Testing with StackHawk

GraphQL Galaxy

GraphQL Galaxy 2021

This workshop focuses on security testing automation for developers, with a specific emphasis on GraphQL. Neuralegion offers a comprehensive security testing solution for developers, supporting various types of applications and providing actionable results with remediation guidelines. The tool integrates seamlessly into CI/CD pipelines and prioritizes accuracy by minimizing false positives. Support and assistance are available 24/7, and the tool provides detailed information about findings and multiple ways to copy requests for debugging. Overall, the workshop highlights the importance of putting security testing into the hands of developers and offers practical solutions to integrate security into the development process.

As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases, especially with graphQL...but it doesn't have to... NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down. Join this workshop to learn different ways developers can access NeuraLegion's DAST scanner &amp; start scanning without leaving the terminal! We will be going through the set up end-to-end, whilst setting up a pipeline for a vulnerable GraphQL target, running security tests and looking at the results. Table of contents: - What developer-first DAST (Dynamic Application Security Testing) actually is and how it works - See where and how a modern, accurate dev-first DAST fits in the CI/CD - Integrate NeuraLegion's scanner with GitHub Actions - Understand how modern applications, GraphQL and other APIs and authentication mechanisms can be tested - Fork a repo, set up a pipeline, run security tests and look at the results <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Security Testing Automation for Developers on Every Build

Oliver Moradov

Bar Hofesh

Neuraligions is a dynamic application security testing scanner designed for developers to test apps, APIs, and ensure trusted security. It seamlessly integrates into pipelines, providing accurate results without false positives. The biggest issue with security scanners is accuracy, and Neuralegion addresses this by automatically validating findings and eliminating false positives. It also provides full visibility of recurring and new issues, along with developer-friendly remediation guidelines. Integrations with common tools and APIs make collaboration seamless and accurate.

NeuraLegion's developer friendly security scanner enables development teams to run dead accurate security tests on every build as part of their pipeline. False alerts and periodic infrequent scanning results in technical and security debt, as well as insecure product. But what is developer first DAST, when and how should you be integrating it into your pipelines and what should you be looking for when enhancing your GrapQL security testing automation? Join this talk to get up to date. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

GraphQL Security Testing Automation for Developers

TestJS Summit

TestJS Summit 2021

Today's Workshop covered a range of topics related to web application security. It emphasized the importance of understanding and addressing security in everyday activities. The Workshop discussed various vulnerabilities and techniques for exploiting them, including SQL injection and cross-site scripting. It also highlighted the significance of secure design, proper authentication and session management, and the detection of breaches. Resources such as the OWASP Top 10 and the Security Knowledge Framework were recommended for further learning.

The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint. This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Learn to defend by learning the hacker mindset

Vandana Verma

This workshop covers automated accessibility testing, including linting, Just Axe, and Cypress Audit. Manual testing is essential for ensuring accessibility. The workshop explores the limitations of linting and introduces Just Axe to check for accessibility issues. Cypress Audit is used to detect contrast issues that code-based tests can't find. Lighthouse thresholds are set for accessibility, and a Lighthouse report is created to identify and fix issues. The workshop also addresses troubleshooting and setting background and foreground colors for maximum contrast.

Do your automated tests include a11y checks? This workshop will cover how to get started with jest-axe to detect code-based accessibility violations, and Lighthouse CI to validate the accessibility of fully rendered pages. No amount of automated tests can replace manual accessibility testing, but these checks will make sure that your manual testers aren't doing more work than they need to. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Automated accessibility testing with jest-axe and Lighthouse CI

Bonnie Schulkin

This workshop introduces developers to security testing automation using Neuralegion's Developer First DAST. It covers the challenges of application security testing, the limitations of static analysis tools, and the benefits of using DAST tools. The workshop includes hands-on exercises on forking a repo, running scans, analyzing results, and testing authentication mechanisms. Neuralegion's DAST features include API security testing, automatic validation of findings, seamless integration into pipelines, and optimization of scan speeds. The workshop also covers setting up CI workflows, running scans, and analyzing vulnerabilities. Participants can ask questions and receive continued support beyond the workshop.

As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases...but it doesn't have to... NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives/alerts, without slowing you down. Join this workshop to learn different ways developers can access Nexploit &amp; start scanning without leaving the terminal! We will be going through the set up end-to-end, whilst setting up a pipeline, running security tests and looking at the results. Table of contents: - What developer-first DAST (Dynamic Application Security Testing) actually is and how it works - See where and how a modern, accurate dev-first DAST fits in the CI/CD - Integrate NeuraLegion's Nexploit scanner with GitHub Actions - Understand how modern applications, APIs and authentication mechanisms can be tested - Fork a repo, set up a pipeline, run security tests and look at the results <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

JS Security Testing Automation for Developers on Every Build

Vue.js Live Conference

Vue.js London Live 2021

Today, I'm going to tell you how developers can use automated application security testing to protect their Vue apps. I'll explain what it means to shift left, show an example of a cross-site scripting vulnerability, and provide the tools you need to find these vulnerabilities before production. Let's jump into an example of our Vue app with cross-site scripting. We have FontTalk, a message board where users can discuss fonts and style their posts. Bob logs in and sees a conversation about fonts. Unaware of cross-site scripting, his account is compromised. The malicious image tag sends his confidential information to the attacker. To prevent this, we need to make changes in the code.

Frontend frameworks like Vue are vulnerable to unsanitized inputs to execute malicious code. The patterns that allow for this are generally understood, but there are still some cases when your apps might still be at risk. Learn how you can implement automated application security to keep your apps safe. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

#automated security