Find vulnerabilities before hackers do. Master DAST basics, OWASP ZAP proxy, and identifying common web flaws like XSS and SQLi.
Security is everyone's responsibility, including QA. This course teaches Functional Testers how to perform basic Security Testing. You will use the OWASP ZAP proxy to intercept traffic and scan for vulnerabilities. Learn to identify the OWASP Top 10 flaws (Injection, XSS, Broken Auth) during manual testing. We cover security test automation and how to report security bugs effectively to developers without needing to be a full penetration tester.
Estimated completion time: 21 lessons • Self-paced learning • Lifetime access
It's a lightweight version for QA cycles.
Minimal; focus is on tools and payloads.
ZAP can be automated in CI pipelines.
Good prep for beginner security certs.
3 recommended paths based on what you're learning
Go beyond the basics. Technical Project Manager builds directly on what you know.
While everyone focuses on Security Testing for QA, the smart ones are also learning Git.
This AI tool changes the game: ChatGPT + Notion AI lets you learn anything 10x faster.