Modern GraphQL API Security Testing 

Automated Application Security Testing 

Automated Application Security Testing with StackHawk

Securing Node Applications with Automated Security Testing in CI/CD

Panel Discussion: Application Security Testing

Automated Security Testing for JS Apps & Underlying APIs

Scott Gerlach

Learn to defend by learning the hacker mindset

Vandana Verma

Security Testing for GraphQL Backed Applications

Lighting Talks - Day 1 - GraphQL Galaxy 2020

Security Testing for JS Apps

Ryan Severns

Are we Forever Doomed to Software Supply Chain Security?

Liran Tal

Sam Stepanyan

Automate WebApp Security Testing using GitHub Actions (from StackHawk team)

JS Security Testing in GitHub Actions

GraphQL Security Testing Technical Workshop

Zachary Conger

Matt Tanner

Brecht De Rooms

Security Testing Automation for Developers on Every Build

GraphQL Security Testing Automation for Developers

JS Do It.....Accurate Security Testing Automation for Developers

JS Security Testing Automation for Developers on Every Build

Oliver Moradov

Bar Hofesh

Building out a meaningful test suite that's not all E2E

David Burns

API Testing with Postman Workshop

Pooja Mistry

GraphQL Galaxy

GraphQL Galaxy 2022

With StackHawk, engineering teams can run security tests against GraphQL APIs to find and fix vulnerabilities before they hit production. With automated testing on every PR, you can be confident that your app is secure. Join StackHawk co-founder and Chief Security Officer Scott Gerlach for a quick overview of GraphQL security testing with StackHawk.

React Summit

React Summit 2022

Traditional security testing for JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast.

JS Nation

JSNation 2022

Traditional security testing for JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast.

Node Congress

Node Congress 2022

Traditional security testing for Node and JS apps has focused on the front-end, but actual security issues most often lie in the backing REST API. Join StackHawk co-founder Scott Gerlach for a quick overview of why you need to rethink how you test your JS apps and how StackHawk can help you find and fix security bugs fast. You can check the slides for Scotts's talk <a href="https://drive.google.com/file/d/1nRupxCNMRXs3aCi_ymS_EMahjCwjmx8n/view?usp=sharing">here</a>. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

GraphQL Galaxy 2021

NeuraLegion's developer friendly security scanner enables development teams to run dead accurate security tests on every build as part of their pipeline. False alerts and periodic infrequent scanning results in technical and security debt, as well as insecure product. But what is developer first DAST, when and how should you be integrating it into your pipelines and what should you be looking for when enhancing your GrapQL security testing automation? Join this talk to get up to date. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

TestJS Summit

TestJS Summit 2021

<div>NeuraLegion's developer friendly security scanner enables development teams to run dead accurate security tests on every build as part of their pipeline. False alerts and periodic infrequent scanning results in technical and security debt, as well as insecure product. But what is developer first DAST, when and how should you be integrating it into your pipelines and what should you be looking for when enhancing your security testing automation? Join this talk to get up to date.</div> <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

GraphQL Galaxy 2020

<div><div><div><div><div>With StackHawk, engineering teams can run security tests against GraphQL backed applications to find and fix vulnerabilities before they hit production. With automated testing on every PR, you can be confident that your GraphQL API is secure. Join StackHawk co-founder Ryan Severns for a quick overview of GraphQL security with StackHawk.</div></div></div></div></div> <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

TestJS Summit - January, 2021

With StackHawk, engineering teams can run security tests against JS applications and the backing APIs to find and fix vulnerabilities before they hit production. With automated testing on every PR, you can be confident that your app is secure. Join StackHawk co-founder Ryan Severns for a quick overview of JS application security testing with StackHawk. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

JSNation Live

JSNation Live 2021

With StackHawk, engineering teams can run security tests against JS applications and the backing APIs to find and fix vulnerabilities fasters. With automated testing on every PR, you can be confident that your app is secure. Join StackHawk co-founder Scott Gerlach for a quick overview of JS application security testing with StackHawk. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

TestJS Summit 2023

We're all taught to follow the Testing Pyramid but the reality is that we build out the Testing Christmas Tree. In this workshop, David will talk you through how to break down projects and put the tests where they need to be. By the end of the workshop you will be able to update your projects so that anyone and everyone can start contributing and truly living up to "Quality is everyone job". He will walk you through:<ul><li>- Component Testing</li><li>- API Testing</li><li>- Visual Regression Testing</li><li>- A11Y testing</li></ul> He will also talk you through how to get these all setup in your CI/CD pipeline so that you can get shorter and faster feedback loops.

In the ever-evolving landscape of software development, ensuring the reliability and functionality of APIs has become paramount. "API Testing with Postman" is a comprehensive workshop designed to equip participants with the knowledge and skills needed to excel in API testing using Postman, a powerful tool widely adopted by professionals in the field. This workshop delves into the fundamentals of API testing, progresses to advanced testing techniques, and explores automation, performance testing, and multi-protocol support, providing attendees with a holistic understanding of API testing with Postman. 1. Welcome to Postman- Explaining the Postman User Interface (UI)2. Workspace and Collections Collaboration- Understanding Workspaces and their role in collaboration- Exploring the concept of Collections for organizing and executing API requests3. Introduction to API Testing- Covering the basics of API testing and its significance4. Variable Management- Managing environment, global, and collection variables- Utilizing scripting snippets for dynamic data5. Building Testing Workflows- Creating effective testing workflows for comprehensive testing- Utilizing the Collection Runner for test execution- Introduction to Postbot for automated testing6. Advanced Testing- Contract Testing for ensuring API contracts- Using Mock Servers for effective testing- Maximizing productivity with Collection/Workspace templates- Integration Testing and Regression Testing strategies7. Automation with Postman- Leveraging the Postman CLI for automation- Scheduled Runs for regular testing- Integrating Postman into CI/CD pipelines8. Performance Testing- Demonstrating performance testing capabilities (showing the desktop client)- Synchronizing tests with VS Code for streamlined development9. Exploring Advanced Features - Working with Multiple Protocols: GraphQL, gRPC, and more Join us for this workshop to unlock the full potential of Postman for API testing, streamline your testing processes, and enhance the quality and reliability of your software. Whether you're a beginner or an experienced tester, this workshop will equip you with the skills needed to excel in API testing with Postman.

TestJS Summit 2022

Software development has changed - Frequent deployments, APIs, GraphQL, Cloud Architecture and CI/CD Automation are the norm. So why is security testing the same way it was a decade ago? Leading teams are realizing that periodical penetration testing and security audits is not enough when code is being shipped daily. Instead, these teams are using developer-centric tools to run automated security testing in a CI/CD pipeline. Join Zachary Conger as he walks through how to automate application JS security testing using GitHub actions.

This workshop will focus on automating software composition analysis, static application security testing and dynamic application security testing using GitHub Actions. After a brief introduction covering the different types of application security and the importance of finding security vulnerabilities before they hit production, we'll dive into a hands-on session where users will add three different security testing tool to their build pipelines.

As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases, especially with graphQL...but it doesn't have to... NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down. Join this workshop to learn different ways developers can access NeuraLegion's DAST scanner &amp; start scanning without leaving the terminal! We will be going through the set up end-to-end, whilst setting up a pipeline for a vulnerable GraphQL target, running security tests and looking at the results. Table of contents: - What developer-first DAST (Dynamic Application Security Testing) actually is and how it works - See where and how a modern, accurate dev-first DAST fits in the CI/CD - Integrate NeuraLegion's scanner with GitHub Actions - Understand how modern applications, GraphQL and other APIs and authentication mechanisms can be tested - Fork a repo, set up a pipeline, run security tests and look at the results <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone – putting the culture, processes, and tooling in place to make this happen is tough – especially for sophisticated applications like those backed GraphQL. In this hands-on technical session, StackHawk Senior DevOps Engineer, Zachary Conger, will walk through how to protect your GraphQL APIs from vulnerabilities using automated security testing. Get ready to roll-up your sleeves for automated AppSec testing. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint. This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more. <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases...but it doesn't have to... NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives/alerts, without slowing you down. Join this workshop to learn different ways developers can access Nexploit &amp; start scanning without leaving the terminal! We will be going through the set up end-to-end, whilst setting up a pipeline, running security tests and looking at the results. Table of contents: - What developer-first DAST (Dynamic Application Security Testing) actually is and how it works - See where and how a modern, accurate dev-first DAST fits in the CI/CD - Integrate NeuraLegion's Nexploit scanner with GitHub Actions - Understand how modern applications, APIs and authentication mechanisms can be tested - Fork a repo, set up a pipeline, run security tests and look at the results <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

Node Congress 2021

We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling in place to make this happen is tough - especially for sophisticated applications. Join Scott Gerlach (CSO, StackHawk) and Liran Tal (Developer Advocate, Snyk) as they dive into how you can add AppSec testing to your CI/CD pipeline to ship secure code faster. Prerequisites:Docker is a nice to have <a href="https://www.froala.com/wysiwyg-editor?pb=1"> </a>

#security testing