Overview
Embed security into the software development lifecycle. Discover how to use offline security testing to validate your code and uncover vulnerabilities.
Syllabus
Introduction
- The importance of static testing
- What you should know
- Security in the SDLC
- Development methodologies
- Programming languages
- Security frameworks
- The OWASP Top 10
- Other notable projects
- Top 25 software errors
- BSIMM
- Building your test lab
- Preparing your checklist
- Internal project plans
- Communication planning
- Change control policy
- Security incident response policy
- Logging and monitoring policy
- Third-party agreements
- OWASP ASVS
- Challenges of assessing source code
- OWASP Code Review Guide
- Static code analysis
- Code review models
- Application threat modeling: STRIDE
- Application threat modeling: DREAD
- Code review metrics
- Demo: Codacy
- Demo: SonarQube
- The OWASP Top 10
- A1: Broken access controls
- A2: Cryptographic failures
- A3: Injection
- A4: Insecure design
- A5: Security misconfiguration
- A6: Vulnerable and outdated components
- A7: Identification and authentication failures
- A8: Software and data integrity failures
- A9: Security logging and monitoring failures
- A10: Server-Side Request Forgery
- Static application security testing next steps
Taught by
Jerod Brennen