DevSecOps: Automated Security Testing
1h 35m, Beginner, 2018-03-29
Authors

James Wickett
Security Engineer and supporter of rugged software and DevSecOps
Course details
Security testing is a vital part of ensuring you deliver a complete, secure solution to your customers. Automating the process can ensure testing is always part of your software delivery workflow, and can help testing keep pace with continuous integration and delivery (CI/CD) pipelines. In this course, James Wickett introduces the core concepts behind application security testing, with hands-on demos of various open-source tools. He explains how security and DevOps fit together, and moves quickly from guidance to practice by setting up an attack lab with Gauntlt. He reviews testing strategies for web applications, microservices, and APIs, as well as the specialized needs of CI/CD pipelines. By the end of the course, you'll have a better understanding of software security testing, as well as a reusable library of tests that you can immediately put into rotation.
Learning objectives
Security and DevOps
Automated security testing
Running your first automated security test with Gauntlt
XSS and SQLi attack automation
Network testing
Security testing in continuous integration/continuous delivery pipelines
Skills covered
Security Testing, Cybersecurity
Concepts
0. Introduction
- 01 - Welcome
- 02 - What you should know
1. Security Testing Basics
- 03 - Security and DevOps history in short
- 04 - Security and DevOps for the first time
- 05 - Automated security testing basics
- 06 - Tips for security automation for DevOps
2. Security Automation - Getting Started
- 07 - Setting up the demo environment
- 08 - Web application security quick tour
- 09 - Application security attack tools
- 10 - Security test automation with Gauntlt
- 11 - Running your first automated attack
3. Application Security Automation
- 12 - Application security vector - XSS
- 13 - XSS attack automation
- 14 - XSS attack automation refactoring
- 15 - SQLi attack automation
- 16 - Automating a fuzzer
- 17 - Network testing on the fly
- 18 - Be mean to your code in practice
4. Security Testing in Software Delivery Pipelines
- 19 - Shift left and the DevOps way
- 20 - Security testing in CI/CD
Conclusion
- 21 - Start automating security testing
- 22 - Next steps