Dynamic Application Security Testing (DAST)
Offered By: LinkedIn Learning
Course Description
Overview
Embed security into the software development life cycle. Discover how to use online security testing to validate your code and uncover vulnerabilities.
Syllabus
Introduction
- The importance of online testing
- What you should know
- Software quality assurance process
- Positive testing
- Negative testing
- SQA metrics
- OWASP Testing Guide
- Demo: OWASP ZAP
- Manual vs. automated testing
- Scanning vs. pen testing
- Testing in non-production
- Testing in production
- OSINT gathering
- Web app proxies
- Demo: Fiddler2
- Demo: Burp Suite
- Demo: Samurai Web Testing Framework (WTF)
- Scoping a web app pen test
- Avoiding production impacts
- The penetration testing execution standard
- Types of pen tests
- Web application firewalls
- SIEMs
- Purple teaming
- Demo: OWASP OWTF
- The OWASP Top Ten
- A1: Injection
- A2: Broken authentication
- A3: Sensitive data exposure
- A4: XML external entities (XXE)
- A5: Broken access control
- A6: Security misconfiguration
- A7: Cross-site scripting (XSS)
- A8: Insecure deserialization
- A9: Using components with known vulnerabilities
- A10: Insufficient logging and monitoring
- Next steps
Taught by
Jerod Brennen
Related Courses
- Hacker101 (HackerOne via Independent)
- Web Application Security Testing with Burp Suite (Coursera Project Network via Coursera)
- Complete Website Ethical Hacking and Penetration Testing (Udemy)
- Top 5 Tools & Tricks for Ethical Hacking & Bug Bounties 2021 (Udemy)
- Learn Burp Suite, the Nr. 1 Web Hacking Tool (Udemy)