Learning Path: DevSecOps

DAST Automation with OWASP ZAP

Automating DAST (Dynamic Application Security Testing) is one of the biggest challenges of a DevSecOps Program. However, DAST provides key insights into your application’s runtime security posture and vulnerabilities.

This course covers approaches to automating Dynamic Application Security Testing (DAST) tools with an automated DevSecOps pipeline. We’ll be automating application security testing using one of the most popular open-source scanning tools for dynamic testing, OWASP ZAP. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface, both of which we’ll leverage for extensive automation.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.

Proficiency: Advanced
Audience: DevSecOps
Course Duration: 4 hours
27 lessons
3 Cloud Labs

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Introduction and Challenges of DAST and DAST Automation
  • The Alliance of QA, Test Automation and DAST
  • Parameterized DAST
  • Introduction to OWASP ZAP GUI
  • OWASP ZAP – Scan Policy Manager
  • Extensions and Add-ons in OWASP ZAP
  • Lab: OWASP ZAP API Deep-Dive
  • Lab: Selenium with OWASP ZAP
  • OWASP ZAP Scripting Framework – Intro and Overview