The workshops from the list below are the complimentary part of full tickets.
The recordings of most workshops will be shared with full ticket holders after the conference.
Workshops will be run remotely via Zoom.
Automated Security Testing of GraphQL APIs with Express
We’ve all heard the buzz around pushing application security into the hands of developers, but if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone - putting the culture, processes, and tooling in place to make this happen is tough - especially for sophisticated applications. Join StackHawk CSO Scott Gerlach as he shares how you can add application security testing to your CI/CD pipeline for a GraphQL API with Express.
January 25, 17:00-18:00 CET. Remote.
Testing React Server Calls: Loading and Errors
When you make a server call from your React application, you want to let the user know what's going on. Is the application waiting for the server? Did the server return an error? In this workshop, we will discuss how to mock the server response and test the sequence of expected phases for the app depending on the server response.
- - Brief introduction to TDD
- - Plan the (single-component) app to test
- - Brief introduction to Testing Library and its philosophy
- - Mock server response with Mock Service Worker
- - Write tests using Testing Library
- - Write the application to make the tests pass
- - Discuss code in more realistic app (implementation involves Redux Saga)
- Familiarity with React and the useState hook;
- Download and run npm install on the workshop repository (link to be posted the week before the workshop).
This workshop is best for Front End Developers.
Intermediate.
January 25, 18:00-20:00 CET. Remote.
Testing Web Applications Using Cypress
This workshop will teach you the basics of writing useful end-to-end tests using Cypress Test Runner.
We will cover writing tests, covering every application feature, structuring tests, intercepting network requests, and setting up the backend data.
Anyone who knows the JavaScript programming language and has NPM installed will be able to follow along.
Most of all, the workshop fits developers who need to write end-to-end tests for their websites and web applications.
January 26, 16:00-19:00 CET. Remote.
Introduction to JS Functional Testing at Scale
There are thousands of ways if not more to set up your automated testing environment. When it comes to stability and maintainability it is crucial to choose the right frameworks at the beginning of the journey. The ecosystem provides a variety of different tools that all rely on certain protocols and come with different levels of support for different use cases.
While there are the traditional WebDriver based JavaScript frameworks like Selenium or WebdriverIO, many new projects have popped up in recent years that provide even more capabilities, particularly for front-end developers.
In this workshop we will take a look at the JavaScript framework landscape for automated functional testing, such as Puppeteer, Playwright, Cypress, and others. We will explore what their differences are and how to choose the right tool for your project. Then, we will look at various scenarios, from basic functional test concepts to complex visual and frontend performance tests, and complete the session with scaling up our solution using a cloud vendor like Sauce Labs.
Key Takeaways
- Understand the principles of browser automation
- Learn to pick the right JavaScript framework for your project
- Master various common automation scenarios including network stubbing, visual and automated performance testing using traditional frameworks such as WebdriverIO or newer tools like Puppeteer, Playwright or Cypress
- Knowledge of JavaScript
- Node 14 LTS installed
- Your preferred IDE installed
January 27, 16:00-19:00 CET.
Unleash the Power of Node.js Component (Integration) Tests
This workshop deals with component/integration tests, which are the most powerful technique for testing modern backends. This type of test focuses on realistic scenarios, user-oriented flows, and production-like conditions. To achieve this high reliability it includes databases, message queues, the web framework, API, and all the other moving pieces that exist in our… production. This workshop takes it beyond the basics and also covers advanced topics like testing with message queues, optimizing a DB for testing, simulating failure by 3rd-party services, and more. By the end of the workshop, after practicing how to simplify the setup and increase the bug coverage with more testing techniques, your tests' value will greatly increase. Warning: This might make you really looove tests.
- - Lecture: New challenges demand a new toolbox - Testing plain functions or API is common knowledge, but how should a test approach challenges like seeding a database, tearing it down, checking the communication between Microservices, authorization, testing error handling, and other beyond-the-basics things that happen in production? Meet component tests, a hybrid between unit and integration tests, that is slowly becoming a standard weapon for testing modern backends.
- - Class exercise: Coding our first component tests - Let's craft some real-world tests against our real-world backend which involves real-world DB and real-world 3rd party services. Yay, it’s all real-world.
- - Lecture: More power for me - Let's take your skills above the average and discuss strategic topics like error handling tests, testing secured routes, testing our OpenAPI docs (i.e. Swagger), message queues, and more.
- - Class exercise: Pro component tests - Ready to code advanced tests that provide even more confidence? In this exercise, you will practice advanced test scenarios.
Experience in writing Node.js backend; familiarity with writing automated testing (e.g. unit or integration).
Intermediate to advanced.
February 1, 16:00-19:30 CET. Remote. The workshop will be recorded partially (lecture part only).
Hacking Modern Web apps with RCE and Prototype Pollution
If you are the kind of person who enjoys webinars with practical information that you can immediately apply when you go back to work, this webinar is for you, all action, no fluff :)
"Hacking Modern Web apps: Master the Future of Attack Vectors" is a web security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your websec kung-fu to the next level. In this brief 60-minute webinar we will explain what the course covers and give you a few lab samples covering the following topics:
- RCE options against Node.js applications
- Introduction to Prototype Pollution
- Prototype Pollution attacks in practice
This content should be interesting for any JavaScript developer or tester interested in security in Web and Desktop applications. Node.js developers might find this most interesting.
From new to advanced, content should keep all skill levels happy.
February 2, 17:00-18:00 CET. Remote. The workshop won't be recorded.
Hacking Modern Desktop apps with XSS and RCE
If you are the kind of person who enjoys webinars with practical information that you can immediately apply when you go back to work, this webinar is for you, all action, no fluff :)
"Hacking Modern Desktop apps: Master the Future of Attack Vectors" is a desktop app security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your desktop app security auditing kung-fu to the next level. The course covers attacks and mitigation against desktop apps on Linux, Windows and Mac OS X. The focus is on Electron but the techniques covered will be helpful against other desktop platforms, as well as CSP bypasses and other web security techniques. In this brief 60-minute webinar we will explain what the course covers and give you a few lab samples covering the following topics:
- Essential techniques to audit Electron applications
- What XSS means in a desktop application
- How to turn XSS into RCE in Modern apps
- Attacking preload scripts
- RCE via IPC
This content should be interesting for any JavaScript developer or tester interested in security in Web and Desktop applications. Electron developers might find this most interesting.
From new to advanced, content should keep all skill levels happy.
February 2, 18:15-19:15 CET. Remote. The workshop won't be recorded.
Uniform Browser Automation Infrastructure: Selenium, Puppeteer and Playwright Tests on Laptop and in Remote Cluster
There are a lot of different types of tests and all of them are important. However, the only way to check that your product is working correctly is running it in the same environment as its user does. For web applications such an environment is a browser. This is why reliable browser automation infrastructure is very important nowadays.
In this workshop, I will show you how to quickly deploy and use browser automation infrastructure with the Moon solution. We will start by deploying everything on your workstation and will soon be able to run Selenium, Playwright and Puppeteer tests in parallel in the same cluster. Then I will demonstrate how to easily deliver the same experience for your team using a remote cluster in the cloud platform.
Intermediate.
February 3, 17:00-19:00 CET. Remote.
Security Testing Automation for Developers to Get Compliance on Every Build
As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing just delays releases...
NeuraLegion's developer-focussed AppSec testing technology enables developers to detect, prioritise and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing down DevOps.
Join this workshop to learn different ways developers can access NexDAST & start scanning without leaving the terminal!
- - What DAST (Dynamic Application Security Testing) actually means and how it works
- - What is CI/CD and how GitHub Actions work
- - How to call the NexDAST scanner from GitHub Actions and run it efficiently
- - What the results mean from this scanner
February 4, 16:00-17:30 CET. Remote.