Static Application Security Testing

سرفصل های دوره

Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections—with demos of popular tools such as Codacy and SonarQube—prepare you to apply the lessons in the real world.

01 - Introduction

01 - The importance of static testing

02 - What you should know

02 - 1. Leading Practices

01 - Security in the SDLC

02 - Development methodologies

03 - Programming languages

04 - Security frameworks

05 - The OWASP Top 10

06 - Other notable projects

07 - Top 25 software errors

08 - BSIMM

09 - Building your test lab

10 - Preparing your checklist

03 - 2. Security Documentation

01 - Internal project plans

02 - Communication planning

03 - Change control policy

04 - Security incident response policy

05 - Logging and monitoring policy

06 - Third-party agreements

07 - OWASP ASVS

04 - 3. Source Code Security Reviews

01 - Challenges of assessing source code

02 - OWASP Code Review Guide

03 - Static code analysis

04 - Code review models

05 - Application threat modeling STRIDE

06 - Application threat modeling DREAD

07 - Code review metrics

08 - Demo Codacy

09 - Demo SonarQube

05 - 4. Static Testing for the OWASP Top 10 (2021)

01 - The OWASP Top 10

02 - A1 Broken access controls

03 - A2 Cryptographic failures

04 - A3 Injection

05 - A4 Insecure design

06 - A5 Security misconfiguration

07 - A6 Vulnerable and outdated components

08 - A7 Identification and authentication failures

09 - A8 Software and data integrity failures

10 - A9 Security logging and monitoring failures

11 - A10 Server-Side Request Forgery

06 - Conclusion

01 - Static application security testing next steps

189,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)