From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
AppSec scanning with DAST tools
- Application security is a class of security problems that has withstood the test of time. Over 15 years ago, the Open Web Application Security Project, known as OWASP, was started to address this space. However, even today, application security is still going strong. One example of application security is cross-site scripting, normally shortened to XSS. OWASP provides this definition: "Cross-Site Scripting attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites." Now, that is just one form of application security. Every few years, OWASP releases the OWASP Top 10, which catalogs the top 10 risks that the organization sees out in the wild. Check out owasp.org for more info. Many of these are application security vulnerabilities, and they hinge on injection of user data to take control of the app or the user's browser. So in the case of cross-site scripting, you can inject a bit of JavaScript like this one here. It gets access to the…