Time
9 hours 48 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:00
All right. Next, and really the final section of web application security, is security testing. Like we said, no matter how brilliant your planning, you need to test for security. Now, we've talked about security testing a couple of other places. We've talked about how important
00:18
input validation is and making sure
00:21
that your applications
00:25
do check for, they do validate input. If you'll remember that term fuzzing from a while back, from one of the earlier chapters, we talked about fuzzing, making sure their input. We try that again, making sure that our applications properly validate input. Here, though, just some different types of testing.
00:45
Definitely testable
00:46
Static application security testing, SAST.
00:51
The idea here is
00:53
the, uh, we're looking at the code. The application is not running. We are examining the code, code review, doing this early and throughout the life cycle.
01:03
Dynamic application security testing is while the app is running itself, right? So we're not just looking at code. We're looking at the actual testing process, so, you know, knowing the difference there. And then there's also a term called RASP.
01:18
You know, this, just kind of throwing this in there. Many applications have self-protective mechanisms,
01:23
being able to terminate, like an intrusion prevention system, being able to terminate an attack
01:30
while it's, while it's happening. Those would be RASP services, and really, you know, it's kind of based on knowledge, either based on rules or sometimes artificial intelligence or, you know, who based learning,
01:48
but ultimately being able to recognize: hey, this is an attack. This isn't legitimate. Let's terminate. Let's stop responding. Let's throw an error message or shut down or however we may determine that to work.
02:00
All right, so just a couple of little last ideas on application security test.

Up Next

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Kelly Handerhan
Senior Instructor