Web Application Security Testing

In a traditional SDLC, testing is a single step in the process, typically right before release. Conversely, there's a focus on Shift-All-Security-Left. Frankly, both have deficiencies: they miss critical tests, which leaves applications open to vulnerabilities, or they waste valuable time and resources fixing issues that arise late in the dev cycle. These modules introduce the Software Security Testing Lifecycle (SWSTL) framework, which incorporates security testing throughout the entire development lifecycle.

13 Modules | 3 hrs 3 min | Green Belt Level

Examples of Testing

  • Testing lifecycle, principles, fundamentals, process, framework
  • Tester roles
  • Utilizing the right tools to test
  • Dynamic and static testing
  • OWASP Testing Framework
  • DAST Tools
  • Fuzzing Tools

What's Included?

We created this Green Belt path for Web Application Security Testers and their teams. Each of our lessons is short and concludes with a brief ten-question assessment. The learning module length is purposeful: the lessons are perfect for filling gaps in a developer’s day while code is deploying.

Secure Development Core Lesson Modules
Intro to Secure Development
Intro to Secure Coding
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Language Typing
Securing the Development Environment
Protecting your Code Repository
Producing a Clean, Maintainable, & Secure Code Culture
Secure the Release
Designing a Secure App or Product
Thinking Like A Penetration Tester
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Web Application Security Testing
Green Belt Path
Introduction to Web Application Security Testing
Security Testing Truths
Security Testing Techniques
Web Application Penetration Testing Tools
Software Security Testing Lifecycle
Secure Requirements & Threat Modeling for Testers
Building a Security Testing Strategy
Build tests and review
Automate Security Tests | Part 1
Automate Security Tests | Part 2
Validating Security Findings and Controls
Client-Side Testing for DOM-XSS
Server-Side Testing for Authentication Bypass