ITeLearn.com

Security Testing Course Content

Chapter 1. Introduction to Security Testing

  • 1.1 Why Security Testing? Brief history and Examples
  • 1.2 Career opportunities and Skill Development

Chapter 2. HTTP Protocol Basics

  • 2.1 Header and Body
  • 2.2 Requests
  • 2.3 Responses – Status Codes

Chapter 3. How HTTPS Works

  • 3.1 How it differs from HTTP
  • 3.2 SSL and Setup
  • 3.3 Limitations

Chapter 4. Encoding

  • 4.1 Introduction
  • 4.2 Charsets
  • 4.3 Charset Vs Charset Encoding
  • 4.4 URL Encoding
  • 4.5 HTML Encoding
  • 4.6 Base64

Chapter 5. Same Origin

  • 5.1 Introduction to Same Origin
  • 5.2 How SOP Works
  • 5.3 What does SOP protect against?
  • 5.4 Examples and Exceptions

Chapter 6. Cookies

  • 6.1 Introduction
  • 6.2 Use of Cookies
  • 6.3 Types of Cookies

Chapter 7. Penetration Testing Process

  • 7.1 Introduction
  • 7.2 Threat Modeling
  • 7.3 Methodologies
  • 7.4 PTES
  • 7.5 OSSTMM
  • 7.6 OWASP Testing Techniques

Chapter 8. The Basic CIA Triad

  • 8.1 Authentication
  • 8.2 Authorization
  • 8.3 Confidentiality
  • 8.4 Integrity
  • 8.5 Non‐Repudiation/Accountability
  • 8.6 Availability

Chapter 9. Web Application Proxy – Usage – Lab Session

  • 9.1 What is a Proxy Server? How it Works
  • 9.2 Burp Suite Configuration
  • 9.3 Understanding the HTTP Request and Response using Burp Suite
  • 9.4 HTTP Splitting
  • 9.5 Cryptography and Password Cracking
  • 9.6 Information Gathering

Chapter 10. Understanding OWASP Top 10 Security Threats

  • 10.1 Injection
  • 10.2 Broken Authentication and Session Management
  • 10.3 Cross-Site Scripting (XSS)
  • 10.4 Insecure Direct Object References
  • 10.5 Security Misconfiguration
  • 10.6 Sensitive Data Exposure
  • 10.7 Missing Function Level Access Control
  • 10.8 Cross-Site Request Forgery (CSRF)
  • 10.9 Using Known Vulnerable Components
  • 10.10 Unvalidated Redirects and Forwards

Chapter 11. Hands-On Sessions

  • 11.1 Access Control Flaws
  • 11.2 Bypass a Path Based Access Control Scheme
  • 11.3 Role Based Access Control
  • 11.4 Remote Admin Access
  • 11.5 AJAX Security
  • 11.6 Authentication Flaws
  • 11.7 Various authentication flaws
  • 11.8 Forgot Password Exercises
  • 11.9 Buffer Overflows
  • 11.10 Concurrency
  • 11.11 Thread safety Issues
  • 11.12 Handling Concurrency Flaws
  • 11.13 Cross-Site Scripting (XSS)
  • 11.14 Stored XSS Attacks
  • 11.15 Reflected XSS
  • 11.16 Cross Site Request Forgery
  • 11.17 CSRF – Prompt and Token ByPass
  • 11.18 Improper Error Handling
  • 11.19 Injection Flaws
  • 11.20 SQL Injection
  • 11.21 XPath Injection
  • 11.22 Denial of Service
  • 11.23 Insecure Communication
  • 11.24 Insecure Configuration
  • 11.25 Insecure Storage
  • 11.26 Malicious Execution
  • 11.27 Parameter Tampering
  • 11.28 Hidden Variables
  • 11.29 URLs
  • 11.30 Form Data
  • 11.31 Session Management Flaws
  • 11.32 Session Hijacking
  • 11.33 Session Fixation
  • 11.34 Cookie Spoofing
  • 11.35 Advanced Web Attacks – Web Services
  • 11.36 WSDL Scanning
  • 11.37 Web Services – SAX

Chapter 12. Injection

  • 12.1 Web Services – SQL Injection

Exploring Open Source Security Testing Tools

Challenge Round – Perform Penetration Testing on a given sample Application

November 12, 2012
