Course Content
Understanding Web Security Concerns
- Introduction - Web Security
- The Business Impact of Security
- Secure SDLC Self-Assessment
- Roles and Responsibilities
- Need for Security Policy
- The Vulnerabilities
- Web Security - Technology Basics
- An Ecommerce Example
Introduction and Key Principles in Testing
- Testing Concepts - Verification & Validation
- SDLC and STLC
- Test Design Methods and Testing Levels for Security Testing
- Security Requirements Testing Derivation
- Introduction to Testing Framework - OWASP
- Secure SDLC Self-Assessment
- Hands on - Identify Security Requirements from a given Functional Requirements Specification
Introduction to Security Testing
- What is Web Security Testing
- Knowledge and Skills Needed for a Security Tester
- The Scope of Security Testing
- Measures to Implement Overall Security for the Application
- Security and Internet
Security Testing Methodology
- Web Applications Security Landscape
- The Business Logic Security Testing
- Preparation and Testing
- Risk Based Approach
- Risk Awareness - Know, Analyze and Understand The Risk
- Methods to Resolve the Problems
- Measure the Results
- Hands on - Risk Identification Case Study
- A1 - Injection
- A2 - Cross-Site Scripting (XSS)
- A3 - Broken Authentication and Session Management
- A4 - Insecure Direct Object References
- A5 - Cross-Site Request Forgery (CSRF)
- A6 - Security Misconfiguration (NEW)
- A7 - Insecure Cryptographic Storage
- A8 - Failure to Restrict URL Access
- A9 - Insufficient Transport Layer Protection
- A10 - Unvalidated Redirects and Forwards
- Testing Enterprise Security - Anti-Spam and Anti-Virus
A walk through on vulnerabilities
- SQL Injection
- Cross-Site Scripting
- Port Scanning and Service Mapping
- Random Data Testing
- Session Hijacking
- Phishing
- URL Manipulation
- IP Spoofing
- Social Engineering
- Parameter Manipulation
- Penetration Testing
Database Auditing
- Server Security (Limiting Access to the Database Server)
- Database Connection (Local and Remote Database Access Through Authentication and Authorization)
- Table Access Control (Access Control Lists Restricting Access to Database Tables)
- Restricting Database Access (Firewall and Network Segmentation)
- Hands on Database Auditing
- Introduction to Automation
- Security Test Automation Tools
- Demo on using Test Automation for Security Testing
- Demo for Automation Test Tools
- Introduction to Penetration Testing