Know More About Security Testing and Security Testing Tutorials

At a time when software applications perform many important functions, security has become a major concern. The user has to supply the app with a great deal of highly confidential information so it can perform its function, and it must be ensured that this information does not fall into the hands of an unauthorized person. Secondly, unauthorized persons should not be able to perform the function the app is meant for. Finally, the app should function properly so that neither the user nor the owner faces any trouble. This is the significance of security testing.

Security testing is one of the most important types of software testing. It deals with the security aspects of an app: confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Hackers and crackers are getting smarter, and hence security testing has become the most important and unavoidable among the different types of software testing. As a result, there is a huge demand for security testing professionals.

To create more security testing professionals, many security testing training tutorials have appeared in the recent past, and many others have been around for over a decade with proven track records. All security testing training tutorials teach the basics of security testing in detail with the help of videos, along with the different tools used in security testing and its different aspects. At the end of the tutorial, there is a security testing live project training to give the trainees more practical experience.

Although the syllabus followed by different trainers may vary a little, the core of the course content is the same. Most professional and well-reputed security training providers follow the content given below.

Chapter 1. Introduction to Security Testing

  • 1.1 Why Security Testing? Brief history and Examples
  • 1.2 Career opportunities and Skill Development

Chapter 2. HTTP Protocol Basics

  • 2.1 Header and Body
  • 2.2 Requests
  • 2.3 Responses – Status Codes

Chapter 3. How HTTPS Works

  • 3.1 How it differs from HTTP
  • 3.2 SSL and Set up
  • 3.3 Limitation

Chapter 4. Encoding

  • 4.1 Introduction
  • 4.2 Charsets
  • 4.3 Charset vs. Charset Encoding
  • 4.4 URL Encoding
  • 4.5 HTML Encoding
  • 4.6 Base64

Chapter 5. Same Origin

  • 5.1 Introduction to Same Origin
  • 5.2 How SOP Works
  • 5.3 What does SOP Protect from?
  • 5.4 Examples and Exceptions

Chapter 6. Cookies

  • 6.1 Introduction
  • 6.2 Use of Cookies
  • 6.3 Types of Cookies

Chapter 7. Penetration Testing Process

  • 7.1 Introduction
  • 7.2 Threat Modeling
  • 7.3 Methodologies
  • 7.4 PTES
  • 7.5 OSSTMM
  • 7.6 OWASP Testing Techniques

Chapter 8. The Basic CIA Triad

  • 8.1 Authentication
  • 8.2 Authorization
  • 8.3 Confidentiality
  • 8.4 Integrity
  • 8.5 Non Repudiation/Accountability
  • 8.6 Availability

Chapter 9. Web Application Proxy Usage Lab Session

  • 9.1 What is a Proxy Server? How it Works
  • 9.2 Burp Suite Configuration
  • 9.3 Understanding the HTTP Request and Response using Burp Suite
  • 9.4 HTTP Splitting
  • 9.5 Cryptography and Password Cracking
  • 9.6 Information Gathering

Chapter 10. Understanding OWASP Top 10 Security Threats

  • 10.1 Injection
  • 10.2 Broken Authentication and Session Management
  • 10.3 Cross-Site Scripting (XSS)
  • 10.4 Insecure Direct Object References
  • 10.5 Security Misconfiguration
  • 10.6 Sensitive Data Exposure
  • 10.7 Missing Function Level Access Control
  • 10.8 Cross-Site Request Forgery (CSRF)
  • 10.9 Using Known Vulnerable Components
  • 10.10 Unvalidated Redirects and Forwards

Chapter 11. Hands-On Sessions

  • 11.1 Access Control Flaws
  • 11.2 Bypass a Path Based Access Control Scheme
  • 11.3 Role Based Access Control
  • 11.4 Remote Admin Access
  • 11.5 AJAX Security
  • 11.6 Authentication Flaws
  • 11.7 Various authentication flaws
  • 11.8 Forgot Password Exercises
  • 11.9 Buffer Overflows
  • 11.10 Concurrency
  • 11.11 Thread safety Issues
  • 11.12 Handling Concurrency Flaws
  • 11.13 Cross-Site Scripting (XSS)
  • 11.14 Stored XSS Attacks
  • 11.15 Reflected XSS
  • 11.16 Cross Site Request Forgery
  • 11.17 CSRF Prompt and Token ByPass
  • 11.18 Improper Error Handling
  • 11.19 Injection Flaws
  • 11.20 SQL Injection
  • 11.21 XPath Injection
  • 11.22 Denial of Service
  • 11.23 Insecure Communication
  • 11.24 Insecure Configuration
  • 11.25 Insecure Storage
  • 11.26 Malicious Execution
  • 11.27 Parameter Tampering
  • 11.28 Hidden Variables
  • 11.29 URLs
  • 11.30 Form Data
  • 11.31 Session Management Flaws
  • 11.32 Session Hijacking
  • 11.33 Session Fixation
  • 11.34 Cookie Spoofing
  • 11.35 Advanced Web Attacks – Web Services
  • 11.36 WSDL Scanning
  • 11.37 Web Services – SAX

Chapter 12. Injection

  • 12.1 Web Services – SQL Injection
