Introduction
This Security Testing & Static Application Security Testing (SAST) Fundamentals training course provides professionals with the knowledge required to identify application security vulnerabilities and implement static application security testing practices. The course focuses on understanding common security weaknesses, secure coding risks, and structured security validation approaches. Participants will learn how security testing supports software quality and reduces exposure to application threats. The training course explains how static application security testing identifies vulnerabilities early in the development lifecycle. Emphasis is placed on detecting coding flaws, insecure configurations, and dependency risks. Participants will also understand how structured security testing strengthens application security posture and supports governance requirements.
The training course further develops skills in using SAST tools such as SonarQube to analyze source code and detect vulnerabilities. Participants will learn how to interpret findings, prioritize remediation, and integrate security testing into CI/CD pipelines. The course also addresses OWASP Top 10 vulnerabilities and how to identify them using static analysis techniques. Participants will understand how to incorporate security testing into development workflows and improve collaboration between security and development teams. Additionally, the course explains reporting approaches that support vulnerability management and continuous security improvement. By the end of the training course, participants will be equipped to implement foundational security testing using SAST tools.
This Security Testing & Static Application Security Testing (SAST) Fundamentals training course will highlight:
- Understanding OWASP Top 10 vulnerabilities
- Planning application security testing
- Using SAST tools such as SonarQube
- Interpreting static analysis results
- Integrating SAST into CI/CD pipelines
Objectives
At the end of this Security Testing & Static Application Security Testing (SAST) Fundamentals training course, you will learn to:
- Identify common application vulnerabilities
- Plan security testing approaches
- Perform static application security testing
- Use SAST tools such as SonarQube
- Integrate security testing into CI/CD pipelines
Training Methodology
This training course provides structured technical guidance for implementing static application security testing practices. The methodology focuses on vulnerability identification, static code analysis, and CI/CD integration. Participants will examine application security risks, review static analysis results, and understand remediation prioritization. The course emphasizes practical application of SAST techniques within modern development environments.
Organisational Impact
This Security Testing & Static Application Security Testing (SAST) Fundamentals training course will enable organisations to:
- Improve application security posture
- Detect vulnerabilities early in development
- Reduce security risks in production systems
- Strengthen DevSecOps practices
- Improve vulnerability management
- Enhance security governance
Personal Impact
Participants will develop:
- Understand OWASP vulnerabilities
- Perform static security testing
- Use SAST tools effectively
- Interpret vulnerability reports
- Integrate security testing in CI/CD
- Improve application security knowledge
Who should Attend?
This training course is designed for professionals involved in software development, testing, and application security assurance.
- QA Engineers
- Security Testers
- Software Developers
- DevSecOps Engineers
- Application Security Engineers
- Test Automation Engineers
Application Security Fundamentals
- Application security concepts
- Secure development lifecycle
- Common application vulnerabilities
- OWASP Top 10 overview
- Security testing approaches
- Static vs dynamic testing
Static Application Security Testing
- SAST concepts
- Static analysis techniques
- Code scanning approaches
- Security rule configuration
- Identifying coding vulnerabilities
- Managing false positives
Using SAST Tools
- Introduction to SonarQube
- Configuring SAST scans
- Analyzing scan results
- Vulnerability classification
- Prioritizing remediation
- Security reporting
CI/CD Security Integration
- SAST in CI/CD pipelines
- Automated security scans
- Build pipeline integration
- Security quality gates
- Policy enforcement
- Continuous security testin
Vulnerability Management
- Vulnerability tracking
- Remediation planning
- Security metrics
- Risk-based prioritization
- Security reporting dashboards
- Continuous improvement
- Upon successful completion of this training course, a GLOMACS Certificate will be awarded to all delegates.
- Guided Learning Hours – In accordance with ISO 9001:2015–certified quality management standards, one Guided Learning Hour is awarded for every 60 minutes of attendance.