Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
Static Application Security Testing

Static Application Security Testing

3h 41mIntermediate2023-05-08

Authors

Jerod Brennen

Jerod Brennen

Security Architect, Advisor, Speaker, Teacher

Course details

Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections—with demos of popular tools such as Codacy and SonarQube—prepare you to apply the lessons in the real world.

Skills covered

SonarQubeSecurity TestingProgramming FoundationsCybersecuritySoftware DevelopmentDeep Dive (X:Y)

Concepts

0. Introduction

  • 01 - The importance of static testing
  • 02 - What you should know

1. Leading Practices

  • 03 - Security in the SDLC
  • 04 - Development methodologies
  • 05 - Programming languages
  • 06 - Security frameworks
  • 07 - The OWASP Top 10
  • 08 - Other notable projects
  • 09 - Top 25 software errors
  • 10 - BSIMM
  • 11 - Building your test lab
  • 12 - Preparing your checklist

2. Security Documentation

  • 13 - Internal project plans
  • 14 - Communication planning
  • 15 - Change control policy
  • 16 - Security incident response policy
  • 17 - Logging and monitoring policy
  • 18 - Third-party agreements
  • 19 - OWASP ASVS

3. Source Code Security Reviews

  • 20 - Challenges of assessing source code
  • 21 - OWASP Code Review Guide
  • 22 - Static code analysis
  • 23 - Code review models
  • 24 - Application threat modeling - STRIDE
  • 25 - Application threat modeling - DREAD
  • 26 - Code review metrics
  • 27 - Demo - Codacy
  • 28 - Demo - SonarQube

4. Static Testing for the OWASP Top 10 (2021)

  • 29 - The OWASP Top 10
  • 30 - A1 - Broken access controls
  • 31 - A2 - Cryptographic failures
  • 32 - A3 - Injection
  • 33 - A4 - Insecure design
  • 34 - A5 - Security misconfiguration
  • 35 - A6 - Vulnerable and outdated components
  • 36 - A7 - Identification and authentication failures
  • 37 - A8 - Software and data integrity failures
  • 38 - A9 - Security logging and monitoring failures
  • 39 - A10 - Server-Side Request Forgery

Conclusion

  • 40 - Static application security testing next steps

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal