Security Testing

Security Testing Online Training will be on 21st April 2017 @ 6.30 PM IST 

Learn Security Testing from experienced professionals – From where you are

Mode of session

  • 15 to 20 hours of interactive online sessions, one hour per day

Benefits from Quality Learning

  • One year of access to recorded videos
  • Online help, even after the end of the course

Course Fee: $300 USD

What you will learn (Course Content)

Module 1. Introduction to Security Testing

  • Why Security Testing? Brief history and Examples
  • Career opportunities and Skill Development

Module 2. HTTP and HTTPS Protocol Basics

  • Header and Body
  • Requests
  • Responses – Status Codes
  • How HTTPS differs from HTTP
  • SSL and Setup
  • Limitations

Module 3. Encoding vs Encryption

  • Introduction
  • Charsets
  • Charset Vs Charset Encoding
  • URL Encoding
  • HTML Encoding
  • Base64
  • Cryptography and Password Cracking

Module 4. Same Origin

  • Introduction to Same Origin
  • How SOP Works
  • What does SOP Protect from?
  • Examples and Exceptions

Module 5. Cookies

  • Introduction
  • Use of Cookies
  • Types of Cookies

Module 6. Penetration Testing Process

  • Introduction
  • Threat Modelling
  • Methodologies
  • PTES
  • OSSTMM
  • OWASP Testing Techniques

Module 7. The Basic CIA Triad

  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Non-Repudiation/Accountability
  • Availability

Module 8. Web application proxy usage Lab Session

  • What is a Proxy Server? How it works
  • Burp Suite Configuration
  • Understanding the HTTP Request and Response using Burp Suite
  • HTTP Splitting
  • Information Gathering

Module 9. Understanding OWASP Top 10 Security Threats

  • Injection
  • Weak authentication and session management
  • XSS
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross Site Request Forgery
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

Module 10. Hands On Sessions

  • Access Control Flaws
  • Bypass a Path Based Access Control Scheme
  • Role Based Access Control
  • Remote Admin Access
  • AJAX Security
  • Authentication Flaws
  • Various authentication flaws
  • Forgot Password Exercises
  • Buffer Overflows
  • Concurrency
  • Thread safety Issues
  • Handling Concurrency Flaws
  • Cross-Site Scripting (XSS)
  • Stored XSS Attacks
  • Reflected XSS
  • Cross Site Request Forgery
  • CSRF Prompt and Token Bypass
  • Improper Error Handling
  • Injection Flaws
  • SQL Injection
  • XPath Injection
  • Denial of Service
  • Insecure Communication
  • Insecure Configuration
  • Insecure Storage
  • Malicious Execution
  • Parameter Tampering
  • Hidden Variables
  • URLs
  • Form Data
  • Session Management Flaws
  • Session Hijacking
  • Session Fixation
  • Cookie Spoofing
  • Advanced Web Attacks – Web Services
  • WSDL Scanning
  • Web Services – SAX

Module 11. Web Services Flaws

  • What are web services and Flaws around Web Services
  • Web Services – SAX Injection
  • Web Services – SQL Injection

Module 12. Using Security Testing Tools – Open Source and Commercial

Module 13. Challenge Round – Perform Penetration Testing on a given sample Application

If you have any questions, please drop an email to contact@qualitylearning.in to know more.