
AdvancedSecurityCertificationLearningPath

The Advanced Security Certification Learning Path is designed for Dynatrace Practitioners to enhance their skills in application security, focusing on vulnerability detection and remediation. The course covers essential topics such as Runtime Vulnerability Analytics, Runtime Application Protection, and operationalizing security within DevSecOps. Upon completion, participants will be equipped to effectively use Dynatrace for security analytics and reporting, and prepare for the certification exam.

Advanced Security Certification Learning Path

Welcome

Instructions

Getting Started with Application Security

Exploring Runtime Vulnerability Analytics

Exploring Runtime Application Protection

Operationalizing Security

SUMMARY

Application Security FAQs


Lesson 1 of 7

Welcome

Welcome to the Advanced Security Certification Learning Path.

The Advanced Security Certification focuses on Dynatrace Practitioners who use security as
part of their daily lives. This certification allows individuals to show they can leverage Dynatrace
Application Security to understand and remediate vulnerabilities faster.

Upon completion of this learning path you will be able to:

Explain the importance of observability and application security.

Describe Dynatrace Application Security and how it works.

Configure Dynatrace Application Security to provide meaningful and actionable insights.

Demonstrate the use of the Dynatrace platform for security analytics and reporting.
Lesson 2 of 7

Instructions

This learning path is the key to your success in achieving the required skills and knowledge
needed for the Advanced Security Certification. We recommend that you follow along in order to
best prepare for your certification exam.

Prerequisites
Before embarking on the Dynatrace Advanced Security Learning Path and scheduling the exam,
ensure you meet the following prerequisites:

Six or more months of hands-on experience with the Dynatrace platform.

Basic understanding of how OneAgent works.

Basic understanding of DQL.

Basic understanding of application security concepts.

Learning Path Overview


Complete all sections: Go through every section of the Dynatrace Advanced Security Learning Path meticulously.

Review buttons and subtopics: Ensure all buttons and subtopics within each section are thoroughly reviewed to grasp the nuances of the Dynatrace platform comprehensively.

Complete recommended action items: Pay special attention to the "call to action" section at the end of each lesson and execute the recommended action items to reinforce your learning.

Schedule your exam: Once you feel confident in your understanding of the material and have completed all sections, schedule your exam to become a certified Dynatrace Advanced Security Specialist.

Exam Details
The exam consists of 70 written questions and 10-20 practical questions.

The written section includes both multiple-choice and multiple-response questions.

For multiple-response questions, a partial percentage is given for each correct answer, and the same percentage is deducted for an incorrect choice.

Exam proctoring is provided in English only.

The practical section is open book.

System Requirements
Ensure your system meets the following requirements before attempting the exam:

Desktop computer or laptop (PC or Mac) connected to a power source.

Webcam (portable enough to scan the room), computer, or plug-in microphone (headset microphones or headphones are not allowed), and speakers must remain ON throughout the test.

Chrome browser with pop-up blocker disabled.

Dual monitors are not allowed.

Test your readiness with Examity here. Examity will use GoToMeeting for
remote proctoring.

Environmental Requirements
Adhere to the following environmental requirements during the exam:

Maintain a clear desk and workspace, clearing off whiteboards and bulletin boards.

Remain alone in the room throughout the test; book a conference room or
equivalent private space if taking the exam at your workplace.

Cell phones or tablets are not permitted.

Do not leave your seat during the exam.

Communication is restricted to the proctor only.

In case of disconnection, do not attempt to log back in; contact Examity for assistance.

Identity Confirmation
You will need to confirm your identity with the Examity proctor, including providing your ID and
answering security questions set during account creation.

Accommodation
If you require accommodation to access the exam, please create a support ticket to request
assistance. Dynatrace is committed to ensuring exam accessibility for all individuals.
Lesson 3 of 7

Getting Started with Application Security

Application Security
Application security is a critical aspect of software
development, aimed at identifying, fixing, and
preventing security vulnerabilities within applications. It
encompasses practices that safeguard sensitive data and
application code, including measures during
development, design, and post-deployment.

In this section you will learn:

What is Application Security

How to activate Dynatrace Application Security


How Dynatrace Application Security is licensed

What is Application Security


Dynamic IT environments have made application security more complex than ever.

Understand problems with the traditional application security approach.

READ BLOG

Familiarize yourself with the goals of continuous application security monitoring and why it’s important.

READ BLOG

Read about cloud application security and the changes, challenges, and opportunities of evolving cloud security solutions.

READ BLOG

Understand the benefits of (and growing need for) the convergence of observability and security.

READ BLOG

A holistic approach to DevSecOps with observability + security


Security is an integral part of the Dynatrace platform. The context from observability data helps in detecting vulnerabilities and attacks sooner and more accurately than before.

Learn more about Dynatrace Application Security solutions and use cases.

VISIT PAGE

Explore capabilities of our Security Protection platform module.

VISIT PAGE

Explore capabilities of our Security Analytics platform module.

VISIT PAGE

Case studies and examples

Learn how Dynatrace Application Security has made a real-life impact on our customers.

Hear how Dynatrace capabilities played a critical role in identifying the log4j vulnerability.

WATCH VIDEO

Hear Skyworks’ story from Vice President and CIO, Satya Jayadev

VISIT PAGE

Hear USI Insurance Services’ story from Software Lead Architect, Wendy Mathis

VISIT PAGE

Read Soldo’s story from Head of Cloud Operations and DevOps, Luca Domenella

VISIT PAGE

Activating Application Security


Dynatrace Application Security helps secure your applications continuously in real-time.

Let's explore the following:

How to activate Dynatrace Application Security

How to enable Runtime Vulnerability Analytics

How to enable Runtime Application Protection

Activate Application Security


The first step is to activate Application Security in your environment. Learn more about the
steps to get started.

Activating Application Security.

WATCH VIDEO

Enable Runtime Vulnerability Analytics

Dynatrace Runtime Vulnerability Analytics is designed to help you pinpoint vulnerabilities that need immediate investigation. Watch this video to learn how to get started.

Enabling Runtime Vulnerability Analytics

WATCH VIDEO

Enable Runtime Application Protection

Lastly, you can enable Dynatrace Runtime Application Protection to detect and block attacks on your applications automatically and in real time. Watch this video to learn how to get started.

Enabling Runtime Application Protection

WATCH VIDEO

Application Security Licensing


Whether you have the Dynatrace classic or Dynatrace Platform Subscription licensing model,
learn more about how Application Security monitoring costs are calculated and where to track
consumption.

Dynatrace Classic Licensing

VISIT PAGE

Dynatrace Platform Subscription (DPS)

VISIT PAGE

Account Management

VISIT PAGE

Dynatrace SaaS license management

VISIT PAGE

Dynatrace Managed license management

VISIT PAGE

DPS license management

VISIT PAGE

Call to Action
To help you gain hands-on experience in activating
Application Security, it’s recommended that you take the
following actions in a Dynatrace environment, for
example, Dynatrace Playground.

1 Review Application Security settings in the Dynatrace Playground.

How do you enable/disable Application Security?

Are Third-party Vulnerability Analytics and Code-level Vulnerability Analytics enabled? For which technologies?

Is Application Protection enabled? For which technologies?

2 Review OneAgent features settings.

What options are relevant for Application Security?

Are there additional prerequisites or steps required?


Lesson 4 of 7

Exploring Runtime Vulnerability Analytics

Exploring Runtime Vulnerability Analytics


Runtime Vulnerability Analytics enables you to detect,
visualize, analyze, monitor, and remediate open source
and third-party vulnerabilities and the security
vulnerabilities in libraries and first-party code in
production and pre-production environments at runtime.

In this lesson, we will further examine the Runtime Vulnerability Analytics capability. Upon
completion, you should:

Understand the value proposition of Runtime Vulnerability Analytics


Be able to explain how third-party and code-level vulnerabilities are
detected

Be able to describe how vulnerability risk is assessed

Application Security Overview


Once Runtime Vulnerability Analytics is enabled and configured, Dynatrace starts monitoring
your applications to detect vulnerabilities.

The Application Security Overview allows security teams to effectively manage risk and make
informed decisions about resource allocation and remediation efforts.

Watch the following video to learn more and take a closer look.

WATCH VIDEO

Third-party vulnerabilities
A third-party vulnerability is a security problem detected in the third-party libraries loaded in
your environment.

Refer to Dynatrace documentation to learn more about how third-party vulnerabilities are detected.

VISIT PAGE

Code-level vulnerabilities
In addition to third-party vulnerability detection for known vulnerabilities in third-party libraries
used in your environment, Dynatrace code-level vulnerability detection detects unknown
vulnerabilities in closed-source or custom application code.

Refer to Dynatrace documentation to learn more about how code-level vulnerabilities are detected.

VISIT PAGE

Risk assessment
Davis AI analyzes and prioritizes vulnerabilities in your environment to provide a risk assessment with a security score.

Watch this video to learn about how the Davis Security Score is calculated and why it’s the most precise risk-assessment score available.

WATCH VIDEO

For more information on the Davis Security Score, refer to Dynatrace documentation.

VISIT PAGE

Managing Third-party vulnerabilities


To see a list of all detected third-party vulnerabilities in your environment, go to Third-Party
Vulnerabilities.

Check out this video for a closer look at third-party vulnerabilities and how to
make use of the details provided.
WATCH VIDEO

Your deployed Dynatrace monitoring mode can influence the Application Security results displayed in Dynatrace. Read about the implications for third-party vulnerabilities.

VISIT PAGE

Fine-grained monitoring rules can be set up for third-party vulnerabilities. These rules allow you to include or exclude specific processes from Application Security monitoring. Watch this video to learn more.

WATCH VIDEO

You can also change the status of vulnerabilities if you determine they don't require attention in your environment. Watch this video to learn how and its impact.

WATCH VIDEO

For more information on filtering or changing the status of third-party vulnerabilities, refer to Dynatrace documentation.

VISIT PAGE

As you analyze and remediate vulnerabilities, learn more about remediation tracking of individual entities affected by a third-party vulnerability.

VISIT PAGE
Managing Code-level vulnerabilities
To see a list of all detected code-level vulnerabilities in your environment, go to Code-Level
Vulnerabilities.

Check out this video for a closer look at code-level vulnerabilities and how to make
use of these details for mitigation.

WATCH VIDEO

Your deployed Dynatrace monitoring mode can influence the Application Security results displayed in Dynatrace. Read about the implications for code-level vulnerabilities.

VISIT PAGE

Code-level vulnerability monitoring rules can be set up to override global code-level vulnerability detection control. Watch this video to learn how.

WATCH VIDEO

Read how to filter or change the status of code-level vulnerabilities.

VISIT PAGE

Call to Action
To help you gain hands-on experience with Runtime
Vulnerability Analytics, it’s recommended that you take
the following actions in a Dynatrace environment, for
example, Dynatrace Playground.

1 Explore the Application Security overview.

Is the environment currently monitored?

Which hosts and technologies are monitored?

How many vulnerabilities are detected?

2 Explore Third-party Vulnerabilities.

What information is provided for a detected third-party vulnerability?

What options are available to filter the list of vulnerabilities?

What is the fix for the vulnerability with CVE ID: CVE-2021-44228?

What is the Davis Security Score? Is it equal to the CVSS? Why?

Which vulnerabilities have public internet exposure, reachable data assets, public exploits published, or vulnerable functions in use? How can you tell?

How can you control monitoring for third-party vulnerabilities?

3 Explore Code-level Vulnerabilities.

What information is provided for a detected code-level vulnerability?

What options are available to filter the list of vulnerabilities?

What potential entities may be at risk if vulnerability ‘S-360’ is exploited?

How can you control monitoring for code-level vulnerabilities?
Lesson 5 of 7

Exploring Runtime Application Protection

Exploring Runtime Application Protection


Runtime Application Protection leverages code-level
insights and transaction analysis to detect and block
attacks on your applications automatically and in real
time.

In this lesson, we will further examine the Runtime Application Protection capability. Upon
completion, you should:
Understand the value proposition of Runtime Application Protection

Be able to explain how attacks are detected

Be able to describe options to manage attacks

Attacks
Third-party and code-level vulnerabilities tell you a vulnerability is present and should be fixed,
while Runtime Application Protection alerts you that an attack is happening.

An attack is any request (call) from a certain client IP to your application code with malicious
intent that targets a code-level vulnerability.

The Attacks page provides a summary of detected attacks in your environment.


Watch the following video to learn more and take a closer look.

WATCH VIDEO

Managing Attacks
Each attack detected can be expanded to perform additional actions.

Watch this video to learn more on managing attacks.

WATCH VIDEO

For a closer look at allowlist and blocklist configurations, check out Configuring Runtime Application Protection Rules.

WATCH VIDEO

Want to learn more? Refer to Dynatrace documentation for additional details.

VISIT PAGE

Call to Action
To help you gain hands-on experience with Runtime
Application Protection, it’s recommended that you take
the following actions in a Dynatrace environment, for
example, Dynatrace Playground.

1 Explore Attacks.

What information is provided for a detected attack?

Is the environment monitored? How is the global attack control set up?

What options are available to filter the list of attacks?

What process group(s) have an exploited command injection type vulnerability? How was the vulnerability exploited?

2 Explore Allowlist and Blocklist configurations.

How can you allow an attack? When would you want to do so?

How can you block an attack? When would you want to do so?
Lesson 6 of 7

Operationalizing Security

Operationalizing Security
The convergence of observability and security provides a
comprehensive, real-time view of an organization's
application environment and security posture. Using the
power of Grail and the security data ingested into it,
various data analysis, reporting, and automation use
cases can be implemented to meet the needs of
DevSecOps teams and their stakeholders.

In this section, we will explore how to use the security insights provided by Dynatrace Application Security.

Security data analysis and reporting


Incident response

DevSecOps automation

Threat hunting and forensics

Security data analysis and reporting


Security analytics is an IT security process that analyzes available data to proactively prevent threats. It uses a combination of data collection, data aggregation, and AI to detect, identify, and defend against security threats.

Security data on Grail


You can accomplish various analysis and reporting tasks on top of the security data on Grail –
Dynatrace’s data lakehouse designed for observability and security.

Dynatrace Query Language (DQL) is used to explore data stored in Grail. Explore
DQL documentation.

VISIT PAGE

Learn about security events.

VISIT PAGE

Take a look at DQL examples for security data.

VISIT PAGE

Check out the built-in security query snippets in Dashboards and Notebooks.

VISIT PAGE

Familiarize yourself with the out-of-the-box Dashboard and Notebook templates you can use as a starting point and fine-tune to fit your organization’s needs.

VISIT PAGE

Metrics Classic
You can use Application Security metrics to create charts and pin them to your (classic) dashboards. Learn more about the available metrics and how you can make use of them.

Application Security metrics for Runtime Vulnerability Analytics.

VISIT PAGE

Application Security metrics for Runtime Application Protection.

VISIT PAGE

Incident response
Dynatrace automatically discovers security issues in your environment and provides
contextualized, automated risk assessments and details via the Dynatrace Web UI and API.

Integrate security notifications with Dynatrace to pass security issues to your teams for
alerting and remediation purposes.

Built-in Notifications
Explore security notifications for vulnerabilities.

VISIT PAGE

Explore security notifications for attacks.

VISIT PAGE

See the alerting profile and security notification integration configuration in action.

WATCH VIDEO

Using Workflows to Leverage Notifications

Check out a CSPM notification automation example.

VISIT PAGE

Check out an attack notification automation example.

VISIT PAGE

DevSecOps automation
DevSecOps automation encourages organizations to discover that application security should be
a collaborative responsibility between all teams involved in the software delivery lifecycle (SDLC)
rather than a traditional, siloed approach. With DevSecOps, organizations can combine security
and observability with automation, transforming the SDLC into a quicker, more secure, software
release process.
Read about DevSecOps challenges, best practices, and more.

READ BLOG

Read more about DevSecOps automation.

READ BLOG

Security gates ensure that code meets key security requirements defined by development and security stakeholders. Check out a security gate example using Dynatrace’s Site Reliability Guardian.

READ BLOG

DevSecOps Lifecycle Coverage with Snyk

The DevSecOps Lifecycle Coverage with Snyk app provides a holistic view across the DevSecOps lifecycle.

Read about how it can help you eliminate blind spots, drive automation, and operationalize application security.

READ BLOG

Learn more about the app capabilities, how to get started, and the insights available.

VISIT PAGE

DevSecOps Automation in action

Watch this webinar on how to operationalize DevSecOps automation with Dynatrace Application Security solutions.

WATCH VIDEO

Watch this webinar on how to automate & simplify Application Security with Dynatrace.

WATCH VIDEO

Threat hunting and forensics


What is a threat? A threat is any potential danger or risk to the security of a software system
or application, including cyberattacks, malware, and human error.

What is threat hunting? Threat hunting is a proactive approach to identifying previously unknown, or ongoing non-remediated threats, within an organization’s network.

Security Investigator
Dynatrace Security Investigator is designed for threat hunting, incident solving, and root cause analysis and provides assisted functionalities and automations to speed up and support investigation resolution. It supports evidence-driven security use cases based on logs, metrics, and traces ingested into Grail.

Explore threat-hunting expectations vs. reality and how Dynatrace Security Investigator can help accelerate resolution.

READ BLOG

Learn more about how Dynatrace Security Investigator can help during your investigations.

READ BLOG

Familiarize yourself with Security Investigator capabilities and how to get started.

VISIT PAGE

Check out an example scenario using Security Investigator.

VISIT PAGE

Watch the Dynatrace app spotlight on the Dynatrace Security Investigator to see it in action.

WATCH VIDEO

Call to Action
To help you gain hands-on experience in operationalizing
security, it’s recommended that you take the following
actions in a Dynatrace environment, for example,
Dynatrace Playground.
1 In the Third-party Vulnerabilities app, create (and explore) a security
report (dashboard) using the 'Threat Exposure template'.

What questions does it help you answer?

How can you customize the dashboard?

How can you share it with others?

2 Create a new notebook to explore security data on Grail.

What security snippets are available? Run each and check out the results.

What additional security data can you query with DQL?

3 Explore methods for sending security notifications.

Which methods are provided out-of-the-box?

What options are available to restrict when notifications are sent?

4 In the Site Reliability Guardian app, create a new guardian using the
‘Security gate’ template. (Note: You won't be able to save it in the
Playground environment.)

What objectives are automatically included?

How can you make use of a security gate in your release process?
Lesson 7 of 7

Application Security FAQs

Application Security FAQs

In this section, you will familiarize yourself with answers to the most frequently asked questions for Application Security.

View FAQs document.

VISIT PAGE
