Dynamic Application Security Testing (DAST)
Offered By: LinkedIn Learning
Course Description
Overview
Embed security into the software development life cycle. Discover how to use online security testing to validate your code and uncover vulnerabilities.
Syllabus
Introduction
- The importance of online testing
- What you should know
- Software quality assurance process
- Positive testing
- Negative testing
- SQA metrics
- OWASP Testing Guide
- Demo: OWASP ZAP
- Manual vs. automated testing
- Scanning vs. pen testing
- Testing in non-production
- Testing in production
- OSINT gathering
- Web app proxies
- Demo: Fiddler2
- Demo: Burp Suite
- Demo: Samurai Web Testing Framework (WTF)
- Scoping a web app pen test
- Avoiding production impacts
- The penetration testing execution standard
- Types of pen tests
- Web application firewalls
- SIEMs
- Purple teaming
- Demo: OWASP OWTF
- The OWASP Top Ten
- A1: Injection
- A2: Broken authentication
- A3: Sensitive data exposure
- A4: XML external entities (XXE)
- A5: Broken access control
- A6: Security misconfiguration
- A7: Cross-site scripting (XSS)
- A8: Insecure deserialization
- A9: Using components with known vulnerabilities
- A10: Insufficient logging and monitoring
- Next steps
Taught by
Jerod Brennen
Related Courses
Microsoft Azure Cognitive Services: Translator Text APIPluralsight Online Application Security Testing Essential Training
LinkedIn Learning Debugging Your Website with Fiddler and Chrome DevTools
Pluralsight View, troubleshoot, and improve app performance for Power Apps canvas apps
Microsoft via Microsoft Learn ASP.NET Security
LinkedIn Learning