#security testing

Subscribe
Security testing is a process used to identify any potential security vulnerabilities in a system, application, or network. It involves testing the system for weaknesses that could be exploited by malicious users and finding ways to fix them. Security testing typically includes testing for authentication, authorization, data encryption, input validation, and other aspects of secure coding practices. In the context of JavaScript, security testing focuses on identifying and addressing any potential XSS, CSRF, and injection attacks that could be possible due to improper use of the language.
Who Are Vue? Authn In Vue, The Important Parts
Vue.js Live 2024Vue.js Live 2024
23 min
Who Are Vue? Authn In Vue, The Important Parts
This Talk introduces authentication in Vue.js and emphasizes that it is not as difficult as it may seem. The speaker explains the concept of authentication and its importance. A code example is used to demonstrate how to implement authentication in Vue.js, including separate UI parts for login, home, and dashboard views. The Talk also covers handling authentication in the Vue.js router, including defining routes, accessing user credentials, and making requests to the backend.
Building out a meaningful test suite that's not all E2E
TestJS Summit 2023TestJS Summit 2023
89 min
Building out a meaningful test suite that's not all E2E
Workshop
David Burns
David Burns
We're all taught to follow the Testing Pyramid but the reality is that we build out the Testing Christmas Tree. In this workshop, David will talk you through how to break down projects and put the tests where they need to be. By the end of the workshop you will be able to update your projects so that anyone and everyone can start contributing and truly living up to "Quality is everyone job".
He will walk you through:- Component Testing- API Testing- Visual Regression Testing- A11Y testing
He will also talk you through how to get these all setup in your CI/CD pipeline so that you can get shorter and faster feedback loops.
API Testing with Postman Workshop
TestJS Summit 2023TestJS Summit 2023
48 min
API Testing with Postman Workshop
Top Content
WorkshopFree
Pooja Mistry
Pooja Mistry
In the ever-evolving landscape of software development, ensuring the reliability and functionality of APIs has become paramount. "API Testing with Postman" is a comprehensive workshop designed to equip participants with the knowledge and skills needed to excel in API testing using Postman, a powerful tool widely adopted by professionals in the field. This workshop delves into the fundamentals of API testing, progresses to advanced testing techniques, and explores automation, performance testing, and multi-protocol support, providing attendees with a holistic understanding of API testing with Postman.
1. Welcome to Postman- Explaining the Postman User Interface (UI)2. Workspace and Collections Collaboration- Understanding Workspaces and their role in collaboration- Exploring the concept of Collections for organizing and executing API requests3. Introduction to API Testing- Covering the basics of API testing and its significance4. Variable Management- Managing environment, global, and collection variables- Utilizing scripting snippets for dynamic data5. Building Testing Workflows- Creating effective testing workflows for comprehensive testing- Utilizing the Collection Runner for test execution- Introduction to Postbot for automated testing6. Advanced Testing- Contract Testing for ensuring API contracts- Using Mock Servers for effective testing- Maximizing productivity with Collection/Workspace templates- Integration Testing and Regression Testing strategies7. Automation with Postman- Leveraging the Postman CLI for automation- Scheduled Runs for regular testing- Integrating Postman into CI/CD pipelines8. Performance Testing- Demonstrating performance testing capabilities (showing the desktop client)- Synchronizing tests with VS Code for streamlined development9. Exploring Advanced Features - Working with Multiple Protocols: GraphQL, gRPC, and more
Join us for this workshop to unlock the full potential of Postman for API testing, streamline your testing processes, and enhance the quality and reliability of your software. Whether you're a beginner or an experienced tester, this workshop will equip you with the skills needed to excel in API testing with Postman.
Modern GraphQL API Security Testing
GraphQL Galaxy 2022GraphQL Galaxy 2022
8 min
Modern GraphQL API Security Testing
DAST helps prioritize fixing application security issues by identifying discoverable and exploitable vulnerabilities. StackHawk runs active security tests against APIs to ensure safe handling of user input and output. It also implements OWASP top 10 API best practices. The tool can be used locally and in CI/CD pipelines.
Automate WebApp Security Testing using GitHub Actions (from StackHawk team)
TestJS Summit 2022TestJS Summit 2022
87 min
Automate WebApp Security Testing using GitHub Actions (from StackHawk team)
WorkshopFree
Zachary Conger
Zachary Conger
Software development has changed - Frequent deployments, APIs, GraphQL, Cloud Architecture and CI/CD Automation are the norm. So why is security testing the same way it was a decade ago?
Leading teams are realizing that periodical penetration testing and security audits is not enough when code is being shipped daily. Instead, these teams are using developer-centric tools to run automated security testing in a CI/CD pipeline. Join Zachary Conger as he walks through how to automate application JS security testing using GitHub actions.
JS Security Testing in GitHub Actions
JSNation 2022JSNation 2022
101 min
JS Security Testing in GitHub Actions
WorkshopFree
Zachary Conger
Zachary Conger
This workshop will focus on automating software composition analysis, static application security testing and dynamic application security testing using GitHub Actions. After a brief introduction covering the different types of application security and the importance of finding security vulnerabilities before they hit production, we'll dive into a hands-on session where users will add three different security testing tool to their build pipelines.
Automated Application Security Testing
React Summit 2022React Summit 2022
9 min
Automated Application Security Testing
StackHawk is a dynamic application security testing tool that helps developers find and fix security issues. The scan identified a SQL injection issue and a cross site scripting issue. The StackHawk YAML is used to configure the scanner with important information such as the application's location, environment, and ID. The scanner can also be pointed at open API spec or GraphQL definitions. Try StackHawk for free at stackhawk.com and integrate it into your development process to improve software quality.
Automated Application Security Testing
JSNation 2022JSNation 2022
9 min
Automated Application Security Testing
StackHawk is a dynamic application security testing tool that runs active security tests on various types of applications, providing simple descriptions and examples of security issues. It integrates with CI processes and provides feedback on scan findings. The StackHawk YAML is used to configure the scanner, including important information about the application and additional configuration options. OpenAPI and GraphQL integration is possible with minimal configuration.
Automated Application Security Testing with StackHawk
Node Congress 2022Node Congress 2022
9 min
Automated Application Security Testing with StackHawk
StackHawk is a dynamic application security testing tool that integrates with CI-CD workflows and simplifies finding and fixing security issues. The scan results include detailed descriptions of identified issues, along with links and request/response details for replaying the attack. The StackHawk YAML configuration allows for specifying application location, environment, and additional options for authentication and scanning exclusions.
Security Testing Automation for Developers on Every Build
GraphQL Galaxy 2021GraphQL Galaxy 2021
82 min
Security Testing Automation for Developers on Every Build
WorkshopFree
Oliver Moradov
Bar Hofesh
2 authors
As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases, especially with graphQL...but it doesn't have to...

NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down.

Join this workshop to learn different ways developers can access NeuraLegion's DAST scanner & start scanning without leaving the terminal!

We will be going through the set up end-to-end, whilst setting up a pipeline for a vulnerable GraphQL target, running security tests and looking at the results.

Table of contents:
- What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
- See where and how a modern, accurate dev-first DAST fits in the CI/CD
- Integrate NeuraLegion's scanner with GitHub Actions
- Understand how modern applications, GraphQL and other APIs and authentication mechanisms can be tested
- Fork a repo, set up a pipeline, run security tests and look at the results
GraphQL Security Testing Automation for Developers
GraphQL Galaxy 2021GraphQL Galaxy 2021
9 min
GraphQL Security Testing Automation for Developers
Neuraligions is a dynamic application security testing scanner designed for developers to test apps, APIs, and ensure trusted security. It seamlessly integrates into pipelines, providing accurate results without false positives. The biggest issue with security scanners is accuracy, and Neuralegion addresses this by automatically validating findings and eliminating false positives. It also provides full visibility of recurring and new issues, along with developer-friendly remediation guidelines. Integrations with common tools and APIs make collaboration seamless and accurate.
GraphQL Security Testing Technical Workshop
GraphQL Galaxy 2021GraphQL Galaxy 2021
104 min
GraphQL Security Testing Technical Workshop
WorkshopFree
Zachary Conger
Zachary Conger
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone – putting the culture, processes, and tooling in place to make this happen is tough – especially for sophisticated applications like those backed GraphQL. In this hands-on technical session, StackHawk Senior DevOps Engineer, Zachary Conger, will walk through how to protect your GraphQL APIs from vulnerabilities using automated security testing. Get ready to roll-up your sleeves for automated AppSec testing.
Learn to defend by learning the hacker mindset
TestJS Summit 2021TestJS Summit 2021
105 min
Learn to defend by learning the hacker mindset
Workshop
Vandana Verma
Vandana Verma
The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint.

This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more.
JS Do It.....Accurate Security Testing Automation for Developers
TestJS Summit 2021TestJS Summit 2021
10 min
JS Do It.....Accurate Security Testing Automation for Developers
Neuralegions is a dynamic application security testing scanner designed for developers. It allows you to build the scan surface from the first unit tests, seamlessly integrating into your pipelines. With no false positives, you can trust the output to quickly detect and fix security vulnerabilities. Eurolegion provides comprehensive coverage, supporting web apps, internal apps, and APIs. It can handle client-side dynamic content and integrates with existing functional scripts. Scans are fast and can test for business logic vulnerabilities. Authenticated scans are fully supported. The biggest issue with security scanners is accuracy. Developers want to know real issues, not hyperbole. Neuralegion focuses on removing false positives automatically. It validates every finding with a full proof of concept, eliminating the need for manual validation. Full visibility of recurring and new issues is provided, along with developer-friendly remediation guidelines. Neuralegion seamlessly integrates into your pipeline, allowing developers to shift left and scan every commit or pull request.
Are we Forever Doomed to Software Supply Chain Security?
TestJS Summit 2021TestJS Summit 2021
17 min
Are we Forever Doomed to Software Supply Chain Security?
The Talk discusses the importance of software security and the risks associated with open-source software supply chains. It highlights real-world stories of developers' involvement in security incidents and emphasizes the need to trust the software we use. The Talk also addresses the vulnerabilities and targeted attacks that come with the growing dependency on open-source software. It explores the security risks in open-source dependencies, open-source ecosystems, and the future of open source software. Additionally, it provides insights into choosing the best vulnerability scanning software and promoting supply chain security practices.
JS Security Testing Automation for Developers on Every Build
TestJS Summit 2021TestJS Summit 2021
111 min
JS Security Testing Automation for Developers on Every Build
WorkshopFree
Oliver Moradov
Bar Hofesh
2 authors
As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases...but it doesn't have to...

NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives/alerts, without slowing you down.

Join this workshop to learn different ways developers can access Nexploit & start scanning without leaving the terminal!

We will be going through the set up end-to-end, whilst setting up a pipeline, running security tests and looking at the results.

Table of contents:
- What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
- See where and how a modern, accurate dev-first DAST fits in the CI/CD
- Integrate NeuraLegion's Nexploit scanner with GitHub Actions
- Understand how modern applications, APIs and authentication mechanisms can be tested
- Fork a repo, set up a pipeline, run security tests and look at the results
Securing Node Applications with Automated Security Testing in CI/CD
Node Congress 2021Node Congress 2021
71 min
Securing Node Applications with Automated Security Testing in CI/CD
Workshop
Scott Gerlach
Liran Tal
2 authors
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling in place to make this happen is tough - especially for sophisticated applications. Join Scott Gerlach (CSO, StackHawk) and Liran Tal (Developer Advocate, Snyk) as they dive into how you can add AppSec testing to your CI/CD pipeline to ship secure code faster.
Prerequisites:Docker is a nice to have
Security Testing for GraphQL Backed Applications
GraphQL Galaxy 2020GraphQL Galaxy 2020
7 min
Security Testing for GraphQL Backed Applications
I'm Ryan Severns, COO of StackHawk, an application security testing tool that focuses on GraphQL. StackHawk offers active automated testing of GraphQL endpoints to find potential security vulnerabilities. The tool integrates with developer tools like Slack and Jira for easy vulnerability management and bug fixing. It provides detailed information, including request, response, and curl command, for debugging. StackHawk offers free single user accounts and team trials, and visitors can find more information at their booth in GraphQL Galaxy.
Security Testing for JS Apps
TestJS Summit - January, 2021TestJS Summit - January, 2021
5 min
Security Testing for JS Apps
Stackhawk is an application security tool that focuses on dynamic application and API security testing. It is built on top of the open source ZAP project and designed for automation in CICD. Stackhawk provides a comprehensive set of tools for application security testing and bug fixing, including viewing findings, recreating requests, and easily fixing vulnerabilities. It allows for triaging findings and integrating with other engineering stacks. Visit stackhawk.com to sign up for a free account and learn more at docs.stackhawk.com.
Panel Discussion: Application Security Testing
TestJS Summit - January, 2021TestJS Summit - January, 2021
30 min
Panel Discussion: Application Security Testing
Scott Gerlach
Vandana Verma
Liran Tal
Sam Stepanyan
4 authors
The panel discussion on application security testing covered various perspectives on DevSecOps, emphasizing the importance of shifting security left and the role of automation. Collaboration between developers and security teams was highlighted, as well as the need for developer-friendly security tooling. Pain points in integrating security testing early in the pipeline were discussed, including technical and cultural challenges. Open source project recommendations for building a secure pipeline were also provided.
Automated Security Testing for JS Apps & Underlying APIs
JSNation Live 2021JSNation Live 2021
8 min
Automated Security Testing for JS Apps & Underlying APIs
StackHawk is a dynamic application security testing tool that helps find and fix security vulnerabilities. It integrates with your engineering stack and works with popular players in CICD. The DAST scanner crawls your application, tests it, and provides a summary of the findings, including cross-site scripting and SQL injection issues. The output in CICD includes a link to triage the issues.