Dynamic Application Security Testing

DAST is performed to find vulnerabilities in an application while it is running. CyberGnan has designed the Web Application Penetration Testing course to train security analysts in identifying various OWASP Top 10 and SANS Top 25 vulnerabilities at runtime. Organizations must carry out a DAST assessment before going live.

Course Outline:

  • Introduction to Application Security Principles
  • Introduction to DAST
  • Introduction to OWASP Top 10
  • DAST Approach / Methodology
  • Tools & Techniques
  • Automated & Manual scans (unauthenticated / authenticated)
  • Learning the Proxy-Based Approach
  • Vulnerability Analysis:
    • Different types of Injections
    • XSS attack
    • Broken Authentication & Session Management
    • Insecure Direct Object Reference
    • Sensitive Data Exposure
    • CSRF
    • Security Misconfigurations
    • Missing Functional Level Controls
    • Buffer Overflows
    • DoS, etc.

Parallel Hands-On Session

Reporting & Recommendations:

  • Open Source Tools
  • Automated & Manual Analysis
  • Removal of False Positives

For more details about the course outline, please contact us today.