Security Testing

This course is an introduction to the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to the common web application vulnerabilities, testing techniques and tools by a professional security tester.

Target Audience

The target audience for the program can include Software Test Leads, Test Professionals and Quality Assurance Specialists with a basic understanding of how applications work. No prior security testing experience is required.

Objectives

After the completion of the course, the participants would be able to:
• Identify why software security matters to their business
• Quickly identify the riskiest areas of an application
• Perform a high-level security assessment on their application
• Integrate security test cases and tools as part of their test suites
• Report findings in a comprehensive manner in order to enable timely remediation

Outline

DAY 1

Introduction
- Participants
- Familiarization with course material
- Familiarization with the protocols and timings
- Expectation setting and clarifications
- Class Exercises & Cases
- Necessity of prerequisites

Introduction to Software Security
- Security in the System Development Life Cycle
- Thinking like a Security Engineer
- Enumerating the attack surface

Tea Break

Standard Application Attack Vectors
- Get and Post
- Header
- Cookies

Beyond the Application
- Server Fingerprinting
- Port Scanning
- Tools: httprint, Nmap, etc.

Lunch time

Introduction to the web
- Understanding the underlying protocols of the web
- Client-server communications on the web (overview of HTTP requests and responses)
- Adding session tracking to HTTP (the concept of sessions, i.e. cookies, form-based sessions, etc.)
- Examining real HTTP requests/responses

Tea Break

Introduction to Web Application Security
- What is Web Application Security
- Grasping the fundamentals of Security flaws
- Web application vulnerabilities and the anatomy of an attack
- Some proven web application security principles
- The mindset needed for Testing the Security aspects of a web application

DAY 2

Introduction to Web App Recon
- This will include identifying web app technologies implemented, its architecture, its working and core components.
- Identifying session management technologies used and entry points in the web app.

Tea Break

Review of top web application vulnerabilities (hands-on exercise on WebGoat)
Common Weaknesses
Data Leakage Attacks
- Sniffing
- Decompiling of client-side code (OllyDbg)
- Direct Request (Forced Browsing)
- Path Traversal
- Parameter Tampering (Hands On!)

Lunch time

Incorrect Resource Transfer between Spheres
- Bypassing Client-side Enforcement of Security
- Unrestricted File Upload

Tea Break

Injection Attacks
- SQL Injection (Hands On!)
- Cross-site Scripting (XSS) (Hands On!)
- HTTP Response Splitting
- Recursive XML Payload
- Buffer Overflow

Day Schedule
Registration: 8:30 - 9:30 a.m.
Morning Session 8:30 a.m. - 01:00 p.m.
Lunch 01:00 - 1:45 p.m.
Afternoon Session 1:45 - 5:00 p.m.

This is a typical daily schedule. Please confirm the program schedule at registration.

Registration Fee
INR 18,000 for Single Nomination + Service Tax
INR 68,400 for Task Force of Four + Service Tax

The price includes the course material, lunch & breaks each day, and a certificate of completion. Hotel and travel arrangements are the responsibility of the attendee.

ETI Cancellation Policy
  • All cancellations must be made in writing - either by mail, e-mail, or fax.
  • All payments must be received by ETI prior to the start of the workshop/seminar.
  • If cancelled 5 calendar days, or later, prior to the start date or for no-shows - NO REFUND
  • If cancelled 6-30 calendar days prior to the start date - 50 % of the workshop/seminar fee will be non-refundable.
  • If cancelled prior to 30 calendar days to the start date - A full refund will be issued.
  • You are welcome to substitute if you cannot attend, but please notify in advance.
  • You may reschedule with at least four weeks notice prior to the workshop/seminar for which you are currently registered.
  • Please send all cancellations and substitutions to support@edistatesting.com or call 91-80-490-23456

UPCOMING EVENTS

Security Testing
May 25- May 26. Chennai
Jun 07-Jun 08. Bangalore.
Jun 26-Jun 27. Hyderabad

Effective Test Management - Upping Your Game
Jun 04- Jun 05. Bangalore
Jun 06- Jun 07. Chennai

Mainframe Testing
May 22- May 25. Hyderabad
May 15- May 18. Bangalore
Jun 11-Jun 14. Chennai

Test Architecture
Jun 14- Jun 15. Bangalore

QA for Agile Projects
Jun 19- Jun 20. Chennai
Jun 21- Jun 22. Hyderabad



Edista Testing Institute - A venture of QAI Global Institute 
Privacy Policy | Terms of Service © 2011 All Rights Reserved.