About the course
In this course, participants will learn how to integrate testing into development and CI/CD pipelines, how to interpret results effectively, and how to balance automation with manual analysis. The training emphasizes both methodology and practice, ensuring participants walk away with actionable skills they can apply immediately.
Contents
- Understand the fundamentals of SAST and DAST and when to use each approach
- Explore the strengths and limitations of automated security testing tools
- Gain hands-on experience with widely used tools such as Burp Suite, OWASP ZAP, Dependency-Track, and CodeQL
- Learn how to integrate security testing into CI/CD pipelines (GitHub Actions, Azure DevOps, GitLab CI, etc.)
- Understand how to prioritize findings and avoid “alert fatigue”
- Explore the role of dependency and supply chain analysis in modern application security
- Discuss best practices for combining automated scanning with manual testing for maximum coverage
- Learn how to communicate findings effectively with developers and stakeholders
Target audience
This course is ideal for developers, DevOps engineers, QA specialists, and security professionals who want to strengthen their security testing practices. It is also valuable for technical leads and product managers seeking to embed security testing into development workflows and improve the overall maturity of their security programs.
Duration
Two days
Course type
Customized course for closed groups. Can be conducted on-site or online.



