
Web Security Testing Techniques (Elective)

This course covers the Elective area of the Certified Test Manager (CTM) certification, Certified Software Test Professional certification and the CSTAS certification.

For costs and cities where this course might be offered, please see the right border of this page. To bring this course to your test team at your location, contact our Education and Professionals Services Group.

Concepts

Students who attend the Web Security Testing Techniques class will leave the course armed with the skills required to recognize actual and potential software vulnerabilities, and test for those vulnerabilities in the applications they support.

This course introduces testers to some of the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a software development and testing perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, testing for those vulnerabilities.

Practical exercises and examples reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to learn how to design and implement tests for finding vulnerabilities in their own organization’s applications.

Participants will learn:

Working with our instructor, using live examples and open source testing tools, students will learn to:

  • Understand potential sources for untrusted data
  • Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections
  • Be able to test web applications with various attack techniques to determine the existence of potential vulnerabilities associated with untrusted data
  • Understand the vulnerabilities associated with authentication and authorization
  • Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Be able to detect XSS and Injection vulnerabilities
  • Acquire the skills, tools, and best practices for design and code reviews as well as testing initiatives
  • Understand the basics of security testing and planning

Outline

  • Web Security Testing Tools and Processes
    • Principles
    • Reviews
    • Testing
    • Tools
      • Firefox Extensions/Firebug
      • WebScarab
      • cURL
      • CAL9000
      • Spiderzilla
  • Testing Practices
    • Authentication Testing
      • Testing Authentication Mechanisms for valid usernames
      • Testing for default or guessable user accounts
      • Testing for vulnerable remember password and password reset options
    • Data Validation Testing
      • Intercepting and Modifying POST Requests
      • Bypassing Input Limits
      • Tampering with the URL
      • Editing Cookies
      • Bypassing User Interface Restrictions
    • Denial of Service Testing
      • Testing for SQL Wildcard Attacks
      • Testing for Locking Customer Accounts
      • Testing for Abusing Repeatability
      • Testing for high-load actions

©Copyright IIST 2017