Mastering Application Security Testing and Debugging

Name: Mastering Application Security Testing and Debugging
Rating: 4.3 (26 reviews)

Master SAST, DAST, Penetration Testing, and Security Debugging for Modern Web Applications

Role Play

Created byStarweaver Experts, Paul Siegel, Sonali Sen Baidya

Last updated 4/2026

English

What you'll learn

Implement SAST and DAST to automate testing and identify web application vulnerabilities to enhance your security posture.
Apply advanced debugging techniques and security-focused analysis to diagnose, isolate, and fix vulnerabilities in application code.
Conduct penetration testing to simulate real-world attacks and assess the effectiveness of application security controls for web applications.
Produce security reports with technical findings, business impact, and clear remediation strategies to ensure applications security.
Master manual testing to identify vulnerabilities and gaps in web application security.
Learn to apply best practices in application security through vulnerability assessments and security testing techniques.
Gain hands-on experience with penetration testing to simulate cyberattacks and validate the resilience of your applications against real-world threats.
Create actionable security reports that provide technical insights, evaluate business risks, and suggest improvements for application security and compliance.

Course content

15 sections • 57 lectures • 6h 59m total length

Intro Video to Course4:22
Introduction to the course, key topics to be covered, and call to action.
Welcome to the Course: Course Overview3:09

Introduction to Section3:10
Introduction to the section, key topics to be covered, and call to action.
Intro to Application Security6:22
Learn the fundamental role of application security in modern software development and explore the current threat landscape targeting web applications.
Security Testing in the SDLC10:13
Understand how to integrate security testing throughout the development lifecycle using shift-left principles for early vulnerability detection.
OWASP Top 10 Deep Dive7:20
Gain comprehensive knowledge of OWASP Top 10 security risks and learn to assess their real-world impact through exploitation scenarios.

SAST Fundamentals and Tool Selection10:33
Explore the white-box testing methodology of SAST and learn to compare commercial versus open-source static analysis tools.
Hands-on SAST with SpotBugs18:33
Apply tool configuration and execution workflows while learning code scanning techniques specifically for Java applications.
Tool: SpotBugs
SAST Results Analysis & CVSS Scoring15:40
Develop skills in interpreting static analysis outputs and learn to prioritize vulnerabilities using the CVSS framework while managing false positives.
Tool: SpotBugs

Manual Security Code Review Process8:52
Learn structured approaches to manual code auditing and discover how to identify logic flaws that automated tools typically miss.
OWASP Code Review Tools Workshop17:49
Gain practical experience with OWASP security testing tools and master semi-automated review techniques and workflows.
Tool: OWASP ZAP (or WebGoat for vulnerable code demonstration)
Security Audit Standards & Compliance10:04
Understand industry frameworks for security auditing including NIST and ISO 27001, along with essential documentation and compliance requirements.
NIST Secure Code Review Practices0:16
Secure Coding Practices Checklist0:17
Hands-On-Learning: Practical Vulnerability Analysis Using SAST0:18
Secure Code Review & Manual Analysis

Introduction to Section3:56
Introduction to the section, key topics to be covered, and call to action.
Systematic Debugging for Security10:32
Apply security-focused debugging methodology and learn root cause analysis techniques specifically designed for vulnerability discovery.
White-Box Debugging Techniques10:09
Understand delta debugging and binary search approaches while developing source code analysis skills for security flaw identification.
Runtime Security Analysis11:00
Learn dynamic analysis and runtime vulnerability detection including memory analysis and execution flow tracing techniques.

Authentication Flow Debugging12:59
Learn session handling vulnerability identification techniques and master runtime authentication bypass detection methods.
Tool: OWASP ZAP
Interactive Debugging in Web Applications15:10
Develop breakpoint strategies for security testing and master code path analysis for effective vulnerability isolation.
Tool: Burp Suite (Community Edition)
Advanced Exploit Analysis7:01
Explore low-level debugging for exploit development and gain skills in reverse engineering and vulnerability research techniques.

DevSecOps Pipeline Integration14:28
Apply CI/CD security automation workflows and learn to implement continuous security monitoring in modern development environments.
Tool: SpotBugs
CodeQL and Advanced Static Analysis11:27
Develop expertise in semantic code analysis with CodeQL and learn custom rule development for organization-specific security risks.
Tool: CodeQL
Security Test Automation Architecture6:30
Understand tool integration strategies and pipeline optimization while building scalable security testing infrastructure.
DevSecOps Best Practices0:17
OWASP Testing Guide: Error Handling0:17
Hands-On-Learning: Vulnerability Discovery with a Proxy Tool0:17
Automated Security Integration

Introduction to Section3:36
Introduction to the section, key topics to be covered, and call to action.
DAST Methodology and Black-box Testing6:58
Master runtime vulnerability detection principles and understand how DAST complements SAST in a comprehensive testing strategy.
ZAP Professional Workshop14:48
Learn OWASP ZAP configuration and scanning techniques while mastering automated crawling and vulnerability discovery methods.
Tool: OWASP ZAP
Hybrid Testing: Automated and Manual Techniques7:47
Discover how to combine automated scanning with manual validation techniques to optimize coverage and testing efficiency.

Penetration Testing Methodology7:43
Learn the PTES (Penetration Testing Execution Standard) framework and understand attack simulation and vulnerability validation processes.
Burp Suite Professional Techniques16:00
Apply advanced Burp Suite features for web application testing including proficiency with Intruder, Repeater, and Scanner modules.
Tool: Burp Suite
WebGoat Exploitation Laboratory17:55
Practice hands-on exploitation of OWASP Top 10 vulnerabilities in a safe learning environment designed for attack technique mastery.
Tool: WebGoat

Authentication & Session Security Testing7:49
Learn comprehensive session management vulnerability assessment techniques and explore multi-factor authentication bypass methods.
Business Logic & Race Condition Testing6:25
Learn complex vulnerability identification methods including timing attacks and race condition exploitation techniques.
Injection Attack Mastery7:50
Develop expertise in SQL injection, XSS, and command injection techniques while learning payload crafting and exploitation chaining strategies.
Tool: OWASP ZAP
Advanced Penetration Testing Techniques0:17
OWASP ZAP Getting Started0:16
Hands-On-Learning: Penetration Testing: Exploiting a Web Injection0:16
Advanced Exploitation Techniques
Presenting High-Risk Exploitation Findings to Leadership Under Pressure to Launch

Requirements

To get the most from this course, you’ll need basic programming knowledge in any language and a solid understanding of web technologies like HTTP, HTML, and databases. Familiarity with the software development lifecycle (SDLC) and CI/CD processes is preferred, but not mandatory. Basic command-line usage is essential, as many tools and exercises in this course involve navigating terminal interfaces.

Description

Mastering Application Security Testing and Debugging is designed to give learners a deep, practical understanding of modern application security principles, methodologies, and testing frameworks. Through this course, participants will gain expertise in identifying vulnerabilities, analysing security risks, performing both automated and manual testing, and applying attacker-oriented thinking to enhance an application’s security posture.

The course follows a structured, industry-aligned curriculum that explores core security testing domains in detail, supported by real-world case studies, hands-on labs, guided walkthroughs, and mock testing scenarios. Learners will develop practical, job-ready experience in tasks like secure code reviews, threat modelling, penetration testing, vulnerability triage, and systematic debugging. Additionally, you will learn to use industry-standard application security tools and advanced testing techniques to address security challenges.

This course emphasises building a comprehensive understanding of the entire application security lifecycle from threat identification and secure design principles to exploitation techniques, vulnerability remediation, and post-assessment reporting. Participants will gain valuable insight into how attackers think, behave, and exploit weaknesses, which empowers them to anticipate potential threats and proactively defend systems.

By the end of the program, learners will be fully prepared to operate as proficient application security testers and will have the confidence to collaborate effectively with development teams, influence secure engineering practices, and contribute to building resilient, high-trust digital products. This specialisation equips security professionals with the tools, frameworks, and strategic mindset necessary to reduce organisational risks, enhance security maturity, and make informed, security-driven decisions in today’s rapidly evolving digital landscape while fostering innovation, adaptability, and leadership in modern cybersecurity environments.

Who this course is for:

This course is ideal for software developers seeking to enhance their security testing skills, QA professionals transitioning into security roles, IT professionals with basic coding experience, and cybersecurity students or early-career professionals eager to specialize in application security. If you want to deepen your understanding of web application vulnerabilities, penetration testing, and security testing methodologies, this course equips you with the hands-on experience and knowledge to excel in application security.

Mastering Application Security Testing and Debugging

What you'll learn

Explore related topics

Course content

Course Introduction2 lectures • 8min

Application Security Fundamentals4 lectures • 27min

Static Application Security Testing (SAST)3 lectures • 45min

Secure Code Review & Manual Analysis6 lectures • 38min

Security Debugging Fundamentals4 lectures • 36min

Vulnerability Discovery Through Debugging3 lectures • 35min

Automated Security Integration6 lectures • 33min

Dynamic Application Security Testing (DAST)4 lectures • 33min

Penetration Testing Fundamentals3 lectures • 42min

Advanced Exploitation Techniques7 lectures • 23min

Requirements

Description

Who this course is for: