• Home

  • Documents

  • Security Testing for Engineers - Software Secured...Security Testing for Engineers SS-401 “This...
2
Security Testing for Engineers – SS401 This hands-on course gives software developers and quality assurance engineers the tools, processes and knowledge to test their applications against prevalent web attacks. Students will learn how attackers view their applications, how they attack these applications, the techniques to verify vulnerability scanners results, and finally, how to communicate risk to stakeholders. Target Audience § Software Developers § Quality Assurance Engineers § Technical Leads Course Requirements & Prerequisites § Prerequisites: Application Security Fundamentals – SS101 § Intermediate to expert understanding of the web as well as the HTTP protocol. § Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc § Students are required to bring their own laptops with a minimum of 4 GB RAM installed. § VMware Workstation / Fusion / VirtualBox installed. § At least 60 GB HD free § Wired Network Support § USB 2.0/3.0 Support Security Testing for Engineers SS-401 “This was a great class! The instructor is quite knowledgeable and makes the classes fun and informative. He is open to questions and tries to answer every one of them. Sherif is a joy!” Keith Cooper – Elavon 2 Days Course

Security Testing for Engineers - Software Secured...Security Testing for Engineers SS-401 “This was a great class! The instructor is quite knowledgeable and makes the classes fun

  • Upload
    others

  • View
    7

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Security Testing for Engineers - Software Secured...Security Testing for Engineers SS-401 “This was a great class! The instructor is quite knowledgeable and makes the classes fun

Security Testing for Engineers – SS401

This hands-on course gives software developers and quality assurance engineers the tools, processes and knowledge to test their applications against prevalent web attacks. Students will learn how attackers view their applications, how they attack these applications, the techniques to verify vulnerability scanners results, and finally, how to communicate risk to stakeholders.

Target Audience § Software Developers § Quality Assurance Engineers § Technical Leads

Course Requirements & Prerequisites § Prerequisites: Application Security Fundamentals – SS101 § Intermediate to expert understanding of the web as well as the HTTP protocol. § Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc § Students are required to bring their own laptops with a minimum of 4 GB RAM installed. § VMware Workstation / Fusion / VirtualBox installed. § At least 60 GB HD free § Wired Network Support § USB 2.0/3.0 Support

Security Testing for Engineers SS-401

“This was a great class! The instructor is quite knowledgeable and makes the classes fun and informative. He is open to questions and tries to answer every one of them. Sherif is a joy!”

Keith Cooper – Elavon 2 Days Course

Page 2: Security Testing for Engineers - Software Secured...Security Testing for Engineers SS-401 “This was a great class! The instructor is quite knowledgeable and makes the classes fun

Security Testing for Engineers – SS401

Course Contents § Introduction § Why application security

o Client expectations o Financial cost o Brand value o Google hacking o Introducing Shodan

§ A brief of overview of HTTP Protocol o HTTP Basics o Setting up an intercepting proxy

§ Recon and information gathering o Legal and ethics consideration o Proper reconnaissance o Information gathering techniques o Open source intelligence o Port scanning techniques o Nmap o Using netcat o Spidering techniques o OWASP Zed Attack Proxy

§ Mapping and discovery o Introducing Burp Suite o Spidering with Burp o Filtering with Burp o Automating attacks using Burp o Active vs passive scanning

§ Exploitation o Blind vs Straight SQL injection o Validating Cross-site Scripting attacks o Exploiting insecure direct object reference attacks o Exploiting path manipulation attacks o Cross-site request forgery attacks

§ Conclusion and closeout remarks


Security Testing - The Missing Link in IT Security Color Testing... · security testing as a priority in all project activities. • Continuous security testing in all forms • Strong

Security Testing - The Missing Link in IT Security Color Testing... · security testing as a priority in all project activities. • Continuous security testing in all forms • Strong

Documents
Testing Engineers - San Diego - Amendment Request

Testing Engineers - San Diego - Amendment Request

Documents
Avalanche Unified Security Testing - · PDF fileAdvanced Network Security Testing Avalanche Unified Security Testing Michael Jack. Agenda The need for Defense In-depth Security Performance

Avalanche Unified Security Testing - · PDF fileAdvanced Network Security Testing Avalanche Unified Security Testing Michael Jack. Agenda The need for Defense In-depth Security Performance

Documents
Continuous Security Testing

Continuous Security Testing

Technology
Security testing

Security testing

Technology
Security Testing Market

Security Testing Market

Documents
Security testing vs “regular” testing › teaching › courses › st › 2017-18 › ... · Security testing vs “regular” testing “Regular” testing aims to ensure that

Security testing vs “regular” testing › teaching › courses › st › 2017-18 › ... · Security testing vs “regular” testing “Regular” testing aims to ensure that

Documents
Automotive security testing

Automotive security testing

Technology
Testing NodeJS Security

Testing NodeJS Security

Technology
INSPECTION & TESTING ENGINEERS

INSPECTION & TESTING ENGINEERS

Documents
13 Security Testing

13 Security Testing

Documents
Security Testing for Testing Professionals

Security Testing for Testing Professionals

Technology
Security testing presentation

Security testing presentation

Documents
Blind Security Testing - Black Hat...Blind Security Testing An Evolutionary Approach • Blind Security Testing • Blind testing is useful in several areas: baseline testing, audit,

Blind Security Testing - Black Hat...Blind Security Testing An Evolutionary Approach • Blind Security Testing • Blind testing is useful in several areas: baseline testing, audit,

Documents
Software Security Testing

Software Security Testing

Education
Security testing addons

Security testing addons

Technology
Security Testing Methodology

Security Testing Methodology

Documents
U.S. Army Corps of Engineers: The Nation’s Homeland ... · PDF fileU.S. Army Corps of Engineers: The Nation’s Homeland Security ... THE NATION’S HOMELAND SECURITY ENGINEERS

U.S. Army Corps of Engineers: The Nation’s Homeland ... · PDF fileU.S. Army Corps of Engineers: The Nation’s Homeland Security ... THE NATION’S HOMELAND SECURITY ENGINEERS

Documents
Software Security Testing - SecAppDev 2018secappdev.org/handouts/2009/software security testing in the real... · Software Security Testing: Seeking security in an insecure world

Software Security Testing - SecAppDev 2018secappdev.org/handouts/2009/software security testing in the real... · Software Security Testing: Seeking security in an insecure world

Documents
Security-testing presentation

Security-testing presentation

Technology
Combinatorial Security Testing: Combinatorial Testing Meets

Combinatorial Security Testing: Combinatorial Testing Meets

Documents
Automated testing basics for test engineers

Automated testing basics for test engineers

Software
IT'S TIME TO EVOLVE SECURITY TESTING - Lumu · SECURITY TESTING Security testing today has two big branches: penetration testing and vulnerability assessment. The first one tries

IT'S TIME TO EVOLVE SECURITY TESTING - Lumu · SECURITY TESTING Security testing today has two big branches: penetration testing and vulnerability assessment. The first one tries

Documents
Opensource Security Testing

Opensource Security Testing

Documents
Destructive Testing Services by Inspection & Testing Engineers Delhi Noida

Destructive Testing Services by Inspection & Testing Engineers Delhi Noida

Business
Tejpal Engineers, Ahmedabad, Testing Equipment & Survey Instruments

Tejpal Engineers, Ahmedabad, Testing Equipment & Survey Instruments

Technology
Penetration Testing - Security Conference, Security Training

Penetration Testing - Security Conference, Security Training

Documents
Network Security Testing

Network Security Testing

Documents
Security Testing - UMD

Security Testing - UMD

Documents
Enabling Security Testing

Enabling Security Testing

Documents