This talk introduces a simple web testing framework and a vulnerable application. By writing tests with security implications, we can illustrate issues and show how to test for them. When we use a behavior-driven language (Cucumber), we can even express security issues as business features!