Embed security into the software development life cycle. Discover how to use online security testing to validate your code and uncover vulnerabilities.
Overview
Syllabus
Introduction
- The importance of dynamic testing
- What you should know
- Software quality assurance process
- Positive testing
- Negative testing
- SQA metrics
- OWASP Testing Guide
- Demo: OWASP ZAP
- Manual vs. automated testing
- Scanning vs. pen testing
- Testing in non-production
- Testing in production
- OSINT gathering
- Web app proxies
- DevSecOps
- Demo: Burp Suite
- Scoping a web app pen test
- Avoiding production impacts
- Penetration testing execution standard
- Types of pen tests
- Web application firewalls
- SIEMs
- Purple teaming
- Demo: Kali Linux
- The OWASP Top Ten
- A1: Broken access control
- A2: Cryptographic failures
- A3: Injection
- A4: Insecure design
- A5: Security misconfiguration
- A6: Vulnerable and outdated components
- A7: Identification and authentication failures
- A8: Software and data integrity failures
- A9: Security logging and monitoring failures
- A10: Server-side request forgery (SSRF)
- Next steps
Taught by
Jerod Brennen