Author
Jerod Brennen
Updated
8/10/2019Released
8/7/2019- Positive and negative testing
- OWASP Testing Guide
- Manual vs. automated testing
- Scanning vs. pen testing
- Testing in the right environment
- Pen testing a web app
- Evading SIEMs
- Coordinating red and blue teams
- Testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
Duration
Views
- [Jerod Brennen] When testing web applications for potential security vulnerabilities, those tests fall into one of two overarching categories. Offline tests and online tests. With online testing, you'll be interacting directly with deployed instances of your in scope application. Online testing is generally considered riskier as testing activities may have an unplanned impact on the applications being tested. The trade off is that the results are likely to be much more accurate than those you would generate from offline testing. Both types of testing have value, and you should make every effort to perform both offline and online testing of the business critical apps in your environment. Hello, I'm Jerod Brennen. I've been working in Information Security long enough to have earned every gray hair in my beard. And I want to share what I've learned over the years to help you begin applying that same knowledge today. Are you ready to learn how to conduct online application security testing? Good. Let's get started.
-
Introduction
-
1. Security Testing in QA
-
Positive testing3m 43s
-
Negative testing4m 38s
-
SQA metrics6m 54s
-
OWASP Testing Guide4m 36s
-
Demo: OWASP ZAP6m 42s
-
2. Assessing Deployed Apps
-
Manual vs. automated testing5m 55s
-
Scanning vs. pen testing7m 31s
-
Testing in production4m 16s
-
OSINT gathering6m 48s
-
Web app proxies4m 26s
-
Demo: Fiddler26m 17s
-
Demo: Burp Suite8m 43s
-
-
3. Web App Pen Testing
-
Scoping a web app pen test6m 44s
-
Types of pen tests4m 12s
-
Web application firewalls4m 45s
-
SIEMs5m 35s
-
Purple teaming3m 36s
-
Demo: OWASP OWTF7m 33s
-
-
4. Testing for the OWASP Top Ten (2017)
-
The OWASP Top Ten3m 17s
-
A1: Injection6m 33s
-
A2: Broken authentication6m 17s
-
A3: Sensitive data exposure6m 20s
-
A5: Broken access control5m 45s
-
A8: Insecure deserialization4m 37s
-
-
Conclusion
-
Next steps3m 4s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: The importance of online testing