Most penetration tests find vulnerabilities present in the OWASP Top 10 lists. Applying secure-by-design principles is a good countermeasure, but how do we ensure that the code is actually as secure as intended?
This presentation will demonstrate a test-driven approach to application security and show how we can write automated tests to prove that our defenses work as expected.
The demos, written in Java 21, are based on a backend API using the Spring and Spring Security frameworks. Unit tests will be written in JUnit 5 using AssertJ for assertions.
Target audience: All concerned with building secure applications. It is good to have a basic understanding of APIs and unit testing, but the concepts and security best practices are relevant regardless of programming background and level.
Erica Edholm, Omegapoint
Tobias Ahnoff, Omegapoint
Recorded at Jfokus 2025 in Stockholm, 5th of February
http://www.jfokus.se