YoVDO

Offline Application Security Testing Essential Training

Offered By: LinkedIn Learning

Tags

Application Security (AppSec) Courses, Programming Languages Courses, SonarQube Courses, Application Security Courses, Software Development Life Cycle Courses

Course Description

Overview

Embed security into the software development lifecycle. Discover how to use offline security testing to validate your code and uncover vulnerabilities.

Syllabus

Introduction
  • The importance of static testing
  • What you should know
1. Leading Practices
  • Security in the SDLC
  • Development methodologies
  • Programming languages
  • Security frameworks
  • The OWASP Top 10
  • Other notable projects
  • Top 25 software errors
  • BSIMM
  • Building your test lab
  • Preparing your checklist
2. Security Documentation
  • Internal project plans
  • Communication planning
  • Change control policy
  • Security incident response policy
  • Logging and monitoring policy
  • Third-party agreements
  • OWASP ASVS
3. Source Code Security Reviews
  • Challenges of assessing source code
  • OWASP Code Review Guide
  • Static code analysis
  • Code review models
  • Application threat modeling: STRIDE
  • Application threat modeling: DREAD
  • Code review metrics
  • Demo: Codacy
  • Demo: SonarQube
4. Static Testing for the OWASP Top 10 (2021)
  • The OWASP Top 10
  • A1: Broken access controls
  • A2: Cryptographic failures
  • A3: Injection
  • A4: Insecure design
  • A5: Security misconfiguration
  • A6: Vulnerable and outdated components
  • A7: Identification and authentication failures
  • A8: Software and data integrity failures
  • A9: Security logging and monitoring failures
  • A10: Server-Side Request Forgery
Conclusion
  • Static application security testing next steps

Taught by

Jerod Brennen

Related Courses

Enterprise Systems Development. Part 2. Rigorous Development Methodologies
National Research Nuclear University MEPhI via Coursera
Cyber Security in the Software Development Life Cycle
Coventry University via FutureLearn
DevOps Tutorial: Complete Beginners Training - 5 in 1 Bundle
Udemy
How Cyber Security Affects the Software Development Life Cycle
Coventry University via FutureLearn
ISTQB® Foundation: Testing throughout the Software Development Lifecycle
Pluralsight