Learning Path: DevSecOps

DAST Automation with OWASP ZAP

The way an application behaves at runtime is how your users will experience it. That means contending with a different class of security risks, vulnerabilities and exploits. Security engineers use Dynamic Application Security Testing (DAST) to sniff out vulnerabilities in their apps as they’re running, as opposed to static code review.

Automating DAST is one of the biggest challenges of a DevSecOps program. However, DAST provides key insights into your application’s runtime security posture and vulnerabilities that static analysis alone cannot.

In our course, DAST Automation with OWASP ZAP, we start off by integrating DAST with Continuous Integration (CI), followed by a deep dive into automation with a wide range of dynamic security tools. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface, which we’ll leverage for extensive automation. The hands-on labs in this course will involve Parameterized Automation Testing as well as Functional Test Automation with multiple frameworks.

All of our material is backed by years of security testing experience, knowledge, and original research across our entire team. By the end of this course, you’ll have immediately actionable knowledge of DAST that can be applied to an existing DevOps practice.

Proficiency: Advanced
Audience: DevSecOps
Course Duration: 4 hours
27 lessons
3 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Introduction and Challenges of DAST and DAST Automation
  • The Alliance of QA, Test Automation and DAST
  • Parameterized DAST
  • Introduction to OWASP ZAP GUI
  • OWASP ZAP – Scan Policy Manager
  • Extensions and Add-ons in OWASP ZAP
  • Lab: OWASP ZAP API Deep-Dive
  • Lab: Selenium with OWASP ZAP
  • OWASP ZAP Scripting Framework – Intro and Overview