Writing secure code is hard, and that’s why I love the idea of security tests. I’ve spent countless hours researching tools, integrating them into the pipeline, and help developers use them. It’s all based on one big assumption: security tests can detect real, juicy vulnerabilities. But have we ever stopped and questioned this assumption? I didn’t – until I started preparing a talk about how security tests can help people write more secure code. The point was to see how many vulnerabilities we can find by scanning a vulnerable application with security testing. But you’d be surprised to find out how many were actually detected. In the session, we’ll find out how many security issues we can detect in OWASP Juice Shop by using various security tests. Ready to put security tests to the test?