The way an application behaves at runtime is how your users will experience it. That means contending with a different class of security risks, vulnerabilities and exploits. Security engineers use Dynamic Application Security Testing (DAST) to sniff out vulnerabilities in their apps as they’re running, as opposed to static code review.
However, automating DAST is one of the biggest challenges of a DevSecOps program. However, DAST provides key insights into your application’s runtime security posture and vulnerabilities.
In our course, DAST Automation with OWASP ZAP, we start off by integrating DAST with Continuous Integration (CI), followed by a deep dive into automation with a wide range of dynamic security tools. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface that we’ll leverage for extensive automation. The hands-on labs in this course will involve Parameterized Automation Testing as well as Functional Test Automation with multiple frameworks.
All of our material is backed by years of security testing experience, knowledge, and original research across our entire team. By the end of this course, you’ll have immediately actionable knowledge of DAST that can be applied to an existing DevOps practice.
A Deep-Dive into the OWASP ZAP API
Automate Security Tests in ZAP with Selenium
Custom Scripting in OWASP ZAP
DevOps and the rise of DevOps
The need for DevSecOps
Success Factors and Challenges implementing DevSecOps
DevSecOps as a series of Developer-first workflows
Challenges with DAST and Automation:
- Spidering in the age of Single-Page-Apps and Web Services
- Long-running Scanning Tasks
Dynamic Scanning Tools and Approaches to Automation:
- Leveraging Test Automation Frameworks to perform “Parameterized” Dynamic Scanning
- Leveraging Natural Language and Behavior Driven-test Frameworks to perform more effective Dynamic Scanning for Web Apps and REST APi
Integrating Automated Dynamic Scanning Tools into DevSecOps Workflows:
Deep-dive into OWASP ZAP’s custom scripting framework
Labs: Creating Active Scan, Proxy and other custom automation with OWASP ZAP
Leveraging OWASP ZAP’s Custom Scripting Framework to perform Security Regressions