YoVDO

Online Application Security Testing Essential Training

Offered By: LinkedIn Learning

Tags

Application Security (AppSec) Courses, Penetration Testing Courses, Burp Suite Courses, Software Quality Assurance Courses, Software Development Life Cycle Courses, Vulnerability Testing Courses, Fiddler Courses

Course Description

Overview

Embed security into the software development life cycle. Discover how to use online security testing to validate your code and uncover vulnerabilities.

Syllabus

Introduction
  • The importance of dynamic testing
  • What you should know
1. Security Testing in QA
  • Software quality assurance process
  • Positive testing
  • Negative testing
  • SQA metrics
  • OWASP Testing Guide
  • Demo: OWASP ZAP
2. Assessing Deployed Apps
  • Manual vs. automated testing
  • Scanning vs. pen testing
  • Testing in non-production
  • Testing in production
  • OSINT gathering
  • Web app proxies
  • DevSecOps
  • Demo: Burp Suite
3. Web App Pen Testing
  • Scoping a web app pen test
  • Avoiding production impacts
  • Penetration testing execution standard
  • Types of pen tests
  • Web application firewalls
  • SIEMs
  • Purple teaming
  • Demo: Kali Linux
4. Testing for the OWASP Top Ten (2021)
  • The OWASP Top Ten
  • A1: Broken access control
  • A2: Cryptographic failures
  • A3: Injection
  • A4: Insecure design
  • A5: Security misconfiguration
  • A6: Vulnerable and outdated components
  • A7: Identification and authentication failures
  • A8: Software and data integrity failures
  • A9: Security logging and monitoring failures
  • A10: Server-side request forgery (SSRF)
Conclusion
  • Next steps

Taught by

Jerod Brennen

Related Courses

Acceptance Test-Driven Development
Rwaq (رواق)
Continuous Integration and Deployment
Udacity
Create and Deliver Cloud-Native SAP S/4HANA Extensions
SAP Learning
Software Development Lifecycle
University of Minnesota via Coursera
Integrating Test-Driven Development into Your Workflow
LearnQuest via Coursera