Streamlined AppSec Testing: A Fusion of Security Controls, Test Tools, and DevSecOps

Cybersecurity is a major problem facing the IT industry today, and it will become an even greater threat as the stakes increase. The risk of a security breach exists at the IT infrastructure perimeter, the network, the hosting environment, and the application level. Its extent is on the rise because attackers are constantly finding new ways to breach IT security. This makes it increasingly difficult for organizations to keep their security promise to their customers and stay out of the news.

The objective of this course is to understand the techniques and tools for testing web application security that yield high confidence in a secure application.

This workshop is designed for QA professionals responsible for testing web applications. It is a hands-on learning course with exercises in a virtual learning environment. The goal is to equip students with takeaways that can be readily applied.

  • Security principles and their role in web application testing - the CIA triad
  • Understanding of web environment security components from client side to server side - the data path and potential threats
  • Understanding of security controls for a web application
  • Testing types, tools, and methods at a tester's disposal - SAST, DAST, formal QA, and PenTest
  • Building a test strategy and a test plan
  • How to use the ZAP scanner in your QA environment
  • Integration of ZAP in DevSecOps using a Jenkins pipeline
Bhushan Gupta

Bhushan Gupta is passionate about development methods and tools that yield more secure web applications, especially in the agile software development environment. He has a keen interest in understanding and applying fundamental principles and known methodologies to develop dependable solutions. With a deep passion for web application security, his focus is on how to apply a common-sense approach to building secure solutions.

Bhushan worked at Hewlett-Packard for 13 years in various roles, including software quality lead, engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. He is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member in the Software Engineering department at the Oregon Institute of Technology.