From the course: DevSecOps: Automated Security Testing


"Be mean to your code" in practice


- [Instructor] So far, we've created automation to run attacks against our site. These attacks have been through the use of tools like the network tester Nmap and the application vulnerability scanner Arachni. We have automated a web fuzzer and looked at several application vulnerability classes like cross-site scripting and SQL injection. Along with all this, we've used Gauntlt to wrap these testing tools so they fit better in a testing workflow. Gauntlt promotes the idea of "be mean to your code." This harnesses application attack tooling inside of the software development life cycle. In the recently released book, Agile Application Security, there's a dedicated chapter on this topic, and they cover Gauntlt, though not as in-depth as we've gotten here. In the book, the authors share my sentiment on how to do security testing. They write, "The goal should be to come up with a set of automated tests that probe and check security configurations and runtime system behavior for…
