LEARNING PATH: DevSecOps

DAST Automation with OWASP ZAP

The way an application behaves at runtime is how your users will experience it. That means contending with a different class of security risks, vulnerabilities and exploits. Security engineers use Dynamic Application Security Testing (DAST) to sniff out vulnerabilities in their apps as they’re running, as opposed to static code review. 

However, automating DAST is one of the biggest challenges of a DevSecOps program. However, DAST provides key insights into your application’s runtime security posture and vulnerabilities.

In our course, DAST Automation with OWASP ZAP, we start off by integrating DAST with Continuous Integration (CI), followed by a deep dive into automation with a wide range of dynamic security tools. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface that we’ll leverage for extensive automation. The hands-on labs in this course will involve Parameterized Automation Testing as well as Functional Test Automation with multiple frameworks. 

All of our material is backed by years of security testing experience, knowledge, and original research across our entire team. By the end of this course, you’ll have immediately actionable knowledge of DAST that can be applied to an existing DevOps practice.

DevSecOps DAST Automation
Proficiency Advanced
Audience DevSecOps
Course Duration​ 4
Lessons​ 27
Cloud Labs​ 3
Proficiency

Intermediate

Audience

Cloud Security Expert

Course duration

4

Lessons

16

Cloud Labs

2

    • DevOps and the rise of DevOps
    • The need for DevSecOps
    • Success Factors and Challenges implementing DevSecOps
    • DevSecOps as a series of Developer-first workflows
    • Challenges with DAST and Automation: 
        • Spidering in the age of Single-Page-Apps and Web Services
        • Long-running Scanning Tasks
    • Dynamic Scanning Tools and Approaches to Automation: 
      • Leveraging Test Automation Frameworks to perform “Parameterized” Dynamic Scanning
      • Leveraging Natural Language and Behavior Driven-test Frameworks to perform more effective Dynamic Scanning for Web Apps and REST APi
    • Integrating Automated Dynamic Scanning Tools into DevSecOps Workflows
      • Challenges and Success Factors
      • Leveraging Incremental and Asynchronous Pipelines to perform Automated Dynamic Scanning
    • Deep-dive into OWASP ZAP’s custom scripting framework
    • Labs: Creating Active Scan, Proxy and other custom automation with OWASP ZAP
    • Leveraging OWASP ZAP’s Custom Scripting Framework to perform Security Regressions
  • A Deep-Dive into the OWASP ZAP API
  • Automate Security Tests in ZAP with Selenium
  • Custom Scripting in OWASP ZAP
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking "Accept" you consent to the use of All the cookies