Advanced

DAST Automation with OWASP ZAP

DevSecOps
4
Hours
9
Lessons
3
Cloud Labs

The way an application behaves at runtime is how your users will experience it. That means contending with a different class of security risks, vulnerabilities and exploits. Security engineers use Dynamic Application Security Testing (DAST) to sniff out vulnerabilities in their apps as they’re running, as opposed to static code review.

However, automating DAST is one of the biggest challenges of a DevSecOps program. However, DAST provides key insights into your application’s runtime security posture and vulnerabilities.

In our course, DAST Automation with OWASP ZAP, we start off by integrating DAST with Continuous Integration (CI), followed by a deep dive into automation with a wide range of dynamic security tools. Our primary focus is on DAST API capabilities and OWASP ZAP’s scripting interface that we’ll leverage for extensive automation. The hands-on labs in this course will involve Parameterized Automation Testing as well as Functional Test Automation with multiple frameworks.

All of our material is backed by years of security testing experience, knowledge, and original research across our entire team. By the end of this course, you’ll have immediately actionable knowledge of DAST that can be applied to an existing DevOps practice.

You might also like these courses

Or explore these Learning Paths

Labs

A Deep-Dive into the OWASP ZAP API

Automate Security Tests in ZAP with Selenium

Custom Scripting in OWASP ZAP