From the course: Application Security in DevSecOps
Continuous dynamic scanning
- [Instructor] The next type of application security testing we will cover is dynamic analysis. This is the second most common security testing approach utilized by development teams, security professionals, and penetration testers alike. Dynamic testing is akin to an automated penetration test. It involves scanning a running web application to discover its pages, forms, links, and other attack surface areas. The tool then systematically attempts to identify vulnerabilities by interacting with the application. Unlike static analysis, which examines the source code, dynamic testing is largely language-agnostic. As long as the application has a web interface, the testing can be performed. From a security tester's perspective, dynamic testing is considered a black box approach, as the tester doesn't need to understand the inner workings of the application. One key consideration when integrating dynamic testing into a CI/CD pipeline is to run it asynchronously. Since these scans can be…
Contents
- Continuous static scanning (7m 7s)
- Continuous dynamic scanning (7m 31s)
- Interactive application security scanning (9m 11s)
- Continuous secret scanning (5m 40s)
- Continuous dependency scanning (4m 55s)
- Continuous container security (6m 12s)
- Continuous infrastructure as code scanning (6m 11s)
- AI application security (6m 6s)
- Continuous application runtime monitoring (5m 37s)