Overview
Embed security into the software development life cycle. Discover how to use online security testing to validate your code and uncover vulnerabilities.
Syllabus
Introduction
- The importance of online testing
- What you should know
- Software quality assurance process
- Positive testing
- Negative testing
- SQA metrics
- OWASP Testing Guide
- Demo: OWASP ZAP
- Manual vs. automated testing
- Scanning vs. pen testing
- Testing in non-production
- Testing in production
- OSINT gathering
- Web app proxies
- Demo: Fiddler2
- Demo: Burp Suite
- Demo: Samurai Web Testing Framework (WTF)
- Scoping a web app pen test
- Avoiding production impacts
- The penetration testing execution standard
- Types of pen tests
- Web application firewalls
- SIEMs
- Purple teaming
- Demo: OWASP OWTF
- The OWASP Top Ten
- A1: Injection
- A2: Broken authentication
- A3: Sensitive data exposure
- A4: XML external entities (XXE)
- A5: Broken access control
- A6: Security misconfiguration
- A7: Cross-site scripting (XSS)
- A8: Insecure deserialization
- A9: Using components with known vulnerabilities
- A10: Insufficient logging and monitoring
- Next steps
Taught by
Jerod Brennen