#security testing

Subscribe
Security testing is a process used to identify any potential security vulnerabilities in a system, application, or network. It involves testing the system for weaknesses that could be exploited by malicious users and finding ways to fix them. Security testing typically includes testing for authentication, authorization, data encryption, input validation, and other aspects of secure coding practices. In the context of JavaScript, security testing focuses on identifying and addressing any potential XSS, CSRF, and injection attacks that could be possible due to improper use of the language.
TestJS Summit 2022TestJS Summit 2022
87 min
Automate WebApp Security Testing using GitHub Actions (from StackHawk team)
WorkshopFree
Software development has changed - Frequent deployments, APIs, GraphQL, Cloud Architecture and CI/CD Automation are the norm. So why is security testing the same way it was a decade ago?
Leading teams are realizing that periodical penetration testing and security audits is not enough when code is being shipped daily. Instead, these teams are using developer-centric tools to run automated security testing in a CI/CD pipeline. Join Zachary Conger as he walks through how to automate application JS security testing using GitHub actions.
JSNation 2022JSNation 2022
101 min
JS Security Testing in GitHub Actions
WorkshopFree
This workshop will focus on automating software composition analysis, static application security testing and dynamic application security testing using GitHub Actions. After a brief introduction covering the different types of application security and the importance of finding security vulnerabilities before they hit production, we'll dive into a hands-on session where users will add three different security testing tool to their build pipelines.
GraphQL Galaxy 2021GraphQL Galaxy 2021
82 min
Security Testing Automation for Developers on Every Build
WorkshopFree
As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases, especially with graphQL...but it doesn't have to...
NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down.
Join this workshop to learn different ways developers can access NeuraLegion's DAST scanner
&
start scanning without leaving the terminal!
We will be going through the set up end-to-end, whilst setting up a pipeline for a vulnerable GraphQL target, running security tests and looking at the results.
Table of contents:
- What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
- See where and how a modern, accurate dev-first DAST fits in the CI/CD
- Integrate NeuraLegion's scanner with GitHub Actions
- Understand how modern applications, GraphQL and other APIs and authentication mechanisms can be tested
- Fork a repo, set up a pipeline, run security tests and look at the results


GraphQL Galaxy 2021GraphQL Galaxy 2021
104 min
GraphQL Security Testing Technical Workshop
WorkshopFree
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone – putting the culture, processes, and tooling in place to make this happen is tough – especially for sophisticated applications like those backed GraphQL. In this hands-on technical session, StackHawk Senior DevOps Engineer, Zachary Conger, will walk through how to protect your GraphQL APIs from vulnerabilities using automated security testing. Get ready to roll-up your sleeves for automated AppSec testing.


TestJS Summit 2021TestJS Summit 2021
105 min
Learn to defend by learning the hacker mindset
Workshop
The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint.
This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more.


TestJS Summit 2021TestJS Summit 2021
111 min
JS Security Testing Automation for Developers on Every Build
WorkshopFree
As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases...but it doesn't have to...
NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives/alerts, without slowing you down.
Join this workshop to learn different ways developers can access Nexploit
&
start scanning without leaving the terminal!
We will be going through the set up end-to-end, whilst setting up a pipeline, running security tests and looking at the results.
Table of contents:
- What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
- See where and how a modern, accurate dev-first DAST fits in the CI/CD
- Integrate NeuraLegion's Nexploit scanner with GitHub Actions
- Understand how modern applications, APIs and authentication mechanisms can be tested
- Fork a repo, set up a pipeline, run security tests and look at the results


Node Congress 2021Node Congress 2021
71 min
Securing Node Applications with Automated Security Testing in CI/CD
Workshop
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling in place to make this happen is tough - especially for sophisticated applications. Join Scott Gerlach (CSO, StackHawk) and Liran Tal (Developer Advocate, Snyk) as they dive into how you can add AppSec testing to your CI/CD pipeline to ship secure code faster.
Prerequisites:
Docker is a nice to have