Course curriculum

  1. Course Introduction

    • Welcome to the Course!

    • Why are you here?

    • What is Application Security? And why is it important?

    • What is SCA? What is SAST? What is DAST?

    • Why would a developer want to be in charge of DAST?

    • We are using Nexploit!

  2. Using Security Tools in a CI/CD

    • Do not run a DAST on ‘Full Blast’ in a CI/CD

    • Running a DAST Manually

    • Scheduled Scans

    • In the CI/CD

    • HAR Files

    • APIs and Swagger Files

  3. Setup

    • What is GitHub Actions?

    • What is Broken Crystals?

    • What are APIs?

    • Creating a Nexploit account

    • Creating a GitHub account

    • Forking the NeuraLegion Repo

    • Creating a Token and Repeater

    • Kicking off the CI/CD

  4. Running a Scan

    • Running your first scan

    • Setting up Authentication

    • Kicking off a HAR file scan

    • Kicking off an OpenAPI scan

    • All Test Types

  5. Results

    • Scan Results: TLS Misconfiguration

    • Scan Results: Insecure HTTP Method

    • Scan Results: Reflective Cross Site Scripting (rXSS)

    • Scan Results: Reflective Cross Site Scripting (Client-Side Action)

    • Scan Results: Open Bucket

    • Scan Results: Directory Listing

    • Scan Results: Version Control Systems Data Leak

    • Scan Results: Unvalidated Redirect

    • Scan Results: Security Headers

    • Scan Results: Cookies

    • Scan Results: SQL DB Error Message in Response

    • Scan Results: Unauthorized Cross-Site Request Forgery (CSRF)

    • Scan Results: Exposed Database Connection

  6. Course Conclusion

    • Course Summary

    • Conclusion

    • Thank You