From the course: Building an Application Security Program
Pentesting
- [Narrator] Now let's talk about something many people are familiar with: pen testing. The term is thrown around a lot, but let's talk about what an actual definition is. The Department of Homeland Security defines pen testing as a method of testing where testers target individual binary components of the application to determine whether vulnerabilities can be exploited to compromise the application, its data, or its environment resources. A common way to think about this is hacking into the system. Hacking and pen testing are sometimes used interchangeably. You start your pen testing scenario by using the threat model we created earlier. The threat model is going to help you understand which points of the application may be susceptible to hacking, which ones may have vulnerabilities that you can exploit. After you look at the threat model to understand this, you can use tools, either manual or automated, to perform the testing…
Contents
- Understanding AppSec testing (5m 46s)
- Threat modeling (5m 20s)
- Static application security testing (SAST) (3m 14s)
- Dynamic application security testing (DAST) (2m 55s)
- Interactive application security testing (IAST) (2m 29s)
- Static code analysis (SCA) (3m 6s)
- Verification testing (2m 10s)
- Pentesting (2m 50s)
- Red/Blue/Purple testing (3m 32s)
- Monitoring AppSec in production (3m 42s)
- RASP vs. WAF (6m 32s)