Practical Dynamic Application Security Testing within an Enterprise

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses, DevOps Courses, Continuous Deployment Courses, Continuous Integration Courses, Containers Courses, Application Security Courses, Enterprise Security Courses

Course Description

Overview

Explore practical approaches to dynamic application security testing within enterprise environments in this AppSecUSA 2017 conference talk. Learn how to integrate security into DevOps processes through strategic planning and implementation of a common pipeline for Continuous Integration (CI) and Continuous Deployment (CD). Discover two complementary methods for scalable and comprehensive application security: deploying dynamic scanners within CI/CD pipelines and leveraging data from analytic tools. Gain insights into using containerized RESTful API services for rapid security analysis of multiple applications. Understand how these solutions can transform application assessment practices, enabling efficient scanning of thousands of URLs and incorporating dynamic analysis into all build cycles. Benefit from the speakers' experience in implementing these approaches at Verizon, enhancing the security posture of a large enterprise.

Syllabus

Intro
About Me
Overview AST
Assessments never stop...
AST Detailed
Scanner and CLI
OST Overview
Cast a wide net
Why OST?
How to OST
OST Detailed
Sample bulk-scan response
Sample bulk-scan data flow
Sample bulk-scan results
Filling the Gap
Conclusion


Taught by

OWASP Foundation
