Dynamic security testing involves scanning a website for vulnerabilities. In this video, learn how to automate this process in the DevOps pipeline.
- [Narrator] The next type of testing we'll talk about is dynamic testing. It's the second most popular type of testing and one commonly used by many teams like developers, security testers and red teamers. Dynamic testing is sort of like an automated pen test. It scans a website, called spidering, to learn about its pages, text boxes, links and so on, and then tries to hack the site and test for vulnerabilities based on what it learns. As opposed to static testing, dynamic is mainly language agnostic. It doesn't care if the application is Java or .NET as long as it's web-based. If you come from a testing world, this type of testing would be considered black box. You don't really know how the application works and you're just trying to find a way to break in. One piece of advice when running the test against builds is to do it asynchronously. In other words, let the build complete even if the test is still running. Dynamic testing can take some time …
- What is DevSecOps?
- How application security is different with DevSecOps
- Continuous static and dynamic testing
- Continuously scanning to prevent leaking secrets
- Continuous container security
- Pulling security tools together with the Glue tool