Practical Dynamic Application Security Testing within an Enterprise

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, DevOps Courses, Continuous Deployment Courses, Continuous Integration Courses, Containers Courses, Application Security Courses, Enterprise Security Courses

Course Description

Overview

Explore practical approaches to dynamic application security testing within enterprise environments in this AppSecUSA 2017 conference talk. Learn how to integrate security into DevOps processes through strategic planning and implementation of a common pipeline for Continuous Integration (CI) and Continuous Deployment (CD). Discover two complementary methods for scalable and comprehensive application security: deploying dynamic scanners within CI/CD pipelines and leveraging data from analytic tools. Gain insights into using containerized RESTful API services for rapid security analysis of multiple applications. Understand how these solutions can transform application assessment practices, enabling efficient scanning of thousands of URLs and incorporating dynamic analysis into all build cycles. Benefit from the speakers' experience in implementing these approaches at Verizon, enhancing the security posture of a large enterprise.

Syllabus

Intro
About Me
Overview AST
Assessments never stop...
AST Detailed
Scanner and CLI
OST Overview
Cast a wide net
Why OST?
How to OST
OST Detailed
Sample bulk-scan response
Sample bulk-scan data flow
Sample bulk-scan results
Filling the Gap
Conclusion


Taught by

OWASP Foundation
