Web application security is challenging for many security assessors, and it's even more challenging for the web application developers themselves. Fortunately, organizations like the Open Web Application Security Project, or OWASP, publish tools and other resources to help bridge that knowledge gap. Jerod introduces you to OWASP ZAP, a tool that offers automated security scanning functionality.
- [Instructor] Web app scanning can be tricky. So be careful. Host vulnerability scanners often check against known signatures. Does this condition exist on a target system, yes or no? That binary approach to vulnerability scanning enables vulnerability management vendors to build scanners that are unlikely to impact the systems they are scanning. Web app scanners, on the other hand, tend to be much more open ended. What happens when I do this? These scanners often interact with target applications like a potentially malicious end user, which increases the risk of accidentally breaking the target application. With that in mind, it's important that you, the security assessor, take additional precautions when configuring your scans. It's also important that you test your scanning skills against non-production web applications first, so you can see the potential impacts first hand and adjust your production scanning process accordingly. That's where OWASP comes to the rescue. OWASP, short for the Open Web Application Security Project…
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level: Beginner
What you should know (1m 49s)
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps (3m 39s)