2020/10/10 - DevSecOps Workshop - DAST Automation Edition

Nithin Jois
Senior Solutions Engineer
we45

Description

Wouldn’t it be great to automate your favorite dynamic tools like OWASP ZAP or BurpSuite as part of your pentesting or DevSecOps pipeline? While this sounds great, there are several challenges that you will face in automating these tools. In addition, automating security testing for Single Page Applications (SPAs) and REST APIs is even more difficult because of authentication and access control requirements. This is a hands-on, in-depth course that explores the security automation possibilities of OWASP ZAP. As part of our cyber-ranges, you will get to explore the various automation possibilities and “recipes” with dynamic scanning tools, with a special focus on OWASP ZAP. You will learn to leverage test automation frameworks like Selenium and Robot Framework to perform fully authenticated and contextually aware scanning of your web applications and web services. In addition, you’ll be building custom scripts for OWASP ZAP and BurpSuite to expand your scanning workflows to aid in pentesting as well as automation. Finally, we’ll be looking at how you can integrate these tools into a DevSecOps or CI pipeline and leverage continuous scanning efforts for your applications.

Summary

  • Deep-dive into the OWASP ZAP and BurpSuite APIs and learn how to leverage these APIs for Security Automation
  • Skip the inefficient spider. Leverage Test Automation with Selenium and other test automation frameworks to perform deeper and more powerful security testing against your Web Application or REST API.
  • Learn advanced automation techniques by leveraging OWASP ZAP and BurpSuite in DevSecOps Pipelines
  • Learn how you can leverage custom scripting frameworks in OWASP ZAP and BurpSuite to deliver more powerful security automation and pentesting workflows