Labs

A Deep-Dive into the OWASP ZAP API

Automate Security Tests in ZAP with Selenium

Custom Scripting in OWASP ZAP

Course Content

Introduction to DevSecOps

DevOps and the rise of DevOps

The need for DevSecOps

Success Factors and Challenges implementing DevSecOps

DevSecOps as a series of Developer-first workflows

Dynamic Scanning and Automation: Primer & Approach

Challenges with DAST and Automation:

- Spidering in the age of Single-Page-Apps and Web Services

- Long-running Scanning Tasks

Dynamic Scanning Tools and Approaches to Automation:

- Leveraging Test Automation Frameworks to perform “Parameterized” Dynamic Scanning

- Leveraging Natural Language and Behavior-Driven Test Frameworks to perform more effective Dynamic Scanning for Web Apps and REST APIs

Automating Dynamic scanning: Deep dive & implementation

Integrating Automated Dynamic Scanning Tools into DevSecOps Workflows:

- Challenges and Success Factors

- Leveraging Incremental and Asynchronous Pipelines to perform Automated Dynamic Scanning

Extending Automation with OWASP ZAP's Scripting Framework

Deep-dive into OWASP ZAP’s custom scripting framework

Labs: Creating Active Scan, Proxy and other custom automation with OWASP ZAP

Leveraging OWASP ZAP’s Custom Scripting Framework to perform Security Regressions

The way an application behaves at runtime is how your users will experience it. That means contending with a different class of security risks, vulnerabilities and exploits. Security engineers use Dynamic Application Security Testing (DAST) to sniff out vulnerabilities in their apps as they’re running, as opposed to static code review.

However, automating DAST is one of the biggest challenges of a DevSecOps program, even though DAST provides key insights into your application’s runtime security posture and vulnerabilities.

In our course, DAST Automation with OWASP ZAP, we start off by integrating DAST with Continuous Integration (CI), followed by a deep dive into automation with a wide range of dynamic security tools. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface that we’ll leverage for extensive automation. The hands-on labs in this course will involve Parameterized Automation Testing as well as Functional Test Automation with multiple frameworks.

All of our material is backed by years of security testing experience, knowledge, and original research across our entire team. By the end of this course, you’ll have immediately actionable knowledge of DAST that can be applied to an existing DevOps practice.

Advanced

4 Hours
9 Lessons
3 Cloud Labs
Learning path: DevSecOps

DAST Automation with OWASP ZAP

Ideal for: DevOps, Security Engineer
Copyright AppSecEngineer © 2025