This course teaches dynamic security testing of the running pastebin application. You'll use OWASP ZAP, Nuclei, and other CLI tools to discover runtime vulnerabilities that static analysis cannot find, and integrate these scans into CI/CD pipelines.
Overview
Syllabus
- Unit 1: Introduction to DAST
- Take a DAST Scanner for a Spin
- Unit 2: Automated ZAP CLI Scanning
- Wake Up the Scanner
- Register Your First Scan Target
- Track the Correct Scan ID
- Launch Your First Active Scan
- See What the Scanner Found
- Unit 3: Nuclei Vulnerability Scanning
- Run Your First Nuclei Scan
- Extend Your First Template
- Write Your First Complete Template
- Test for Weak Default Credentials
- Detect and Extract Technology Headers
- Unit 4: Authenticated DAST Scanning
- Authenticated Scanning in Action
- Define Your Scanning Boundaries
- Train Your Scanner to Authenticate
- Enable Hands Free Authentication
- Write Your Own Security Test