GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST)
What is Dynamic Application Security Testing (DAST)?

Session 8: In this video, Padi and I will show you how to find vulnerabilities in your running application using Dynamic Application Security Testing (DAST) in GitHub.

▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 Welcome
00:15 Intro
00:29 DevSecOps with GitHub
01:54 What is Dynamic Application Security Testing (DAST)
02:38 How to do DAST with GitHub?
03:24 How to implement DAST with GitHub?
06:03 Implementation of DAST in GitHub
06:40 Add new workflow dast.yaml
11:47 Add reference to dast.yaml in main-pipeline.yaml
13:08 Pipeline run
13:13 DAST Job run
14:33 DAST report
14:46 ZAP scanning report
16:31 Automatically create an issue from the DAST Job run
17:39 The created DAST issue
18:33 Summary
19:57 Outro

▬▬▬▬▬▬ L I N K S 🔗 ▬▬▬▬▬▬
Source Code https://github.com/romanoroth/GitHubDevSecOps
Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops
GitHub https://github.com/
Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/
OWASP ZAP Full Scan https://github.com/marketplace/actions/owasp-zap-full-scan

▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA
GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA
GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo
GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ
GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk
GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU
GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM

▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1

▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
LINKEDIN ► https://www.linkedin.com/in/romanoroth/
TWITTER ► https://twitter.com/RomanoRoth
INSTAGRAM ► https://www.instagram.com/romanoroth/
FACEBOOK ► https://www.facebook.com/romanoroth/
MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/
CONFERENCE ► https://www.devopsdays.ch/
HOMEPAGE ► https://www.romanoroth.com/

▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬
Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX
DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF
GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P

#devsecops #devops #github #romanoroth