1 year of Security Testing Subscription includes:

Trainer : Mahesh

Karthik Kosireddi (Personal Profile): Software professional with experience in many reputed companies, both as a techie and as an admin. A trainer who enjoys the reputation of having created hundreds of software testing experts around the world.

Security Testing Course Content

  • Chapter 1. Introduction to Security Testing
    Why Security Testing? Brief history and Examples
    Career opportunities and Skill Development

  • Chapter 2. HTTP Protocol Basics
    Header and Body
    Requests
    Responses – Status Codes

  • Chapter 3. How HTTPS works
    How it differs from HTTP
    SSL and Setup
    Limitations

  • Chapter 4. Encoding
    Introduction
    Charsets
    Charset vs Charset Encoding
    URL Encoding
    HTML Encoding
    Base64

  • Chapter 5. Same Origin Policy
    Introduction to Same Origin
    How SOP Works
    What does SOP Protect from?
    Examples and Exceptions

  • Chapter 6. Cookies
    Introduction
    Use of Cookies
    Types of Cookies

  • Chapter 7. Penetration Testing Process
    Introduction
    Threat Modeling
    Methodologies
    PTES
    OSSTMM
    OWASP Testing Techniques

  • Chapter 8. The CIA Triad and Related Security Properties
    Authentication
    Authorization
    Confidentiality
    Integrity
    Non-repudiation/Accountability
    Availability

  • Chapter 9. Web Application Proxy Usage (Lab Session)
    What is a Proxy Server? How it works
    Burp Suite Configuration
    Understanding the HTTP Request and Response using Burp Suite
    HTTP Response Splitting
    Cryptography and Password Cracking
    Information Gathering

  • Chapter 10. Understanding OWASP Top 10 Security Threats
    Injection
    Broken Authentication and Session Management
    Cross-Site Scripting (XSS)
    Insecure Direct Object References
    Security Misconfiguration
    Sensitive Data Exposure
    Missing Function Level Access Control
    Cross-Site Request Forgery (CSRF)
    Using Known Vulnerable Components
    Unvalidated Redirects and Forwards

  • Chapter 11. Hands-On Sessions
    Access Control Flaws
      Bypass a Path Based Access Control Scheme
      Role Based Access Control
      Remote Admin Access
    AJAX Security
    Authentication Flaws
      Various authentication flaws
      Forgot Password Exercises
    Buffer Overflows
    Concurrency
      Thread safety Issues
      Handling Concurrency Flaws
    Cross-Site Scripting (XSS)
      Stored XSS Attacks
      Reflected XSS
      Cross Site Request Forgery
      CSRF Prompt and Token Bypass
    Improper Error Handling
    Injection Flaws
      SQL Injection
      XPath Injection
    Denial of Service
    Insecure Communication
    Insecure Configuration
    Insecure Storage
    Malicious Execution
    Parameter Tampering
      Hidden Variables
      URLs
      Form Data
    Session Management Flaws
      Session Hijacking
      Session Fixation
      Cookie Spoofing
    Advanced Web Attacks – Web Services
      WSDL Scanning
      Web Services – SAX

  • Chapter 12. Injection
    Web Services – SQL Injection

  • Exploring Open Source Security Testing Tools
  • Challenge Round – Perform Penetration Testing on a given sample Application


No. It is recommended to have hands-on experience in either manual or automation testing.

We deal with web application security testing only. We do not cover infrastructure or network security.

Each topic has two parts: theory and hands-on. There is also a challenge round at the end of the session, which the participants complete by themselves.

+ Burp Suite
+ NTO SQL Invader
+ Havij
+ Mozilla Firefox plugins – Tamper Data, Firebug, FirePath

Yes. The concepts are dealt with exhaustively, which helps testers perform security testing in their own organizations.

Yes. The sample application can be installed on Linux as well.

+ Make sure nothing else is listening on the port where you plan to install the sample application. Let us say we want to install the app on port 5151.
+ If you already have a web server on your system, deploy the app on that existing web server instead.
+ Start Burp Suite with its proxy listener on a different port (say 8080, one that no other application uses) and point your browser's proxy settings at 127.0.0.1:8080, so that every request to the application port (5151) passes through Burp and shows up in its history.
+ Launch the application using the URL http://localhost:5151/WebGoat/attack
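A small pre-flight script for the lab setup above, added here as an example (it is not part of the course material or of WebGoat/Burp): it checks that the chosen application port is free before you install, and shows what the browser proxy setting does by sending a request to the WebGoat URL through Burp's proxy listener. Port 5151 and the WebGoat URL come from the steps above; the Burp listener address 127.0.0.1:8080 is the usual default and is an assumption.

```python
"""Pre-flight checks for the WebGoat + Burp Suite lab setup (added example)."""
import socket
import urllib.error
import urllib.request

APP_PORT = 5151                       # port WebGoat will be installed on (from the FAQ)
BURP_PROXY = "http://127.0.0.1:8080"  # Burp's proxy listener; assumed default
WEBGOAT_URL = f"http://localhost:{APP_PORT}/WebGoat/attack"


def port_in_use(port, host="127.0.0.1", timeout=0.5):
    """Return True if something already accepts TCP connections on host:port.

    Run this before installing: a successful connect means another service
    owns the port and the install would either fail or be shadowed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def proxied_opener(proxy_url=BURP_PROXY):
    """Build a urllib opener that routes http:// and https:// requests via Burp.

    This is the scripted equivalent of the browser proxy setting: the request
    goes to Burp first, and Burp forwards it to localhost:5151.
    """
    handler = urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url})
    return urllib.request.build_opener(handler)


def fetch_via_burp(url=WEBGOAT_URL, proxy_url=BURP_PROXY):
    """Fetch url through Burp; return (status, first 200 bytes) or raise RuntimeError."""
    opener = proxied_opener(proxy_url)
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.read(200)
    except urllib.error.URLError as exc:
        raise RuntimeError(f"could not reach {url} via {proxy_url}: {exc.reason}") from exc


if __name__ == "__main__":
    if port_in_use(APP_PORT):
        print(f"port {APP_PORT} already has a listener: stop that service or pick another port")
    else:
        print(f"port {APP_PORT} is free; install WebGoat on it")
    if not port_in_use(8080):
        print("nothing listening on 8080: start Burp Suite and its proxy listener first")
    else:
        try:
            status, body = fetch_via_burp()
            print(f"WebGoat answered {status} through Burp; first bytes: {body[:60]!r}")
        except RuntimeError as err:
            print(err)
```

Run it once before installing (the port check) and once after Burp and WebGoat are up (the proxied fetch); the request should appear in Burp's Proxy history exactly as a browser request would.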

Yes. Here are a few references.
Damn Vulnerable Web Application (DVWA), based on PHP/MySQL – http://dvwa.co.uk/
OWASP InsecureWebApp, based on Java – http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
hackxor, based on Perl (CGI) – http://hackxor.sourceforge.net/cgi-bin/index.pl
Hacme Travel, based on C++ (client-server application) – http://www.mcafee.com/us/downloads/free-tools/index.aspx

There are many books on the market that deal with web application security testing. Below are the suggested ones:
+ The Art of Software Security Testing: Identifying Software Security Flaws – Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin
+ How to Break Web Software: Functional and Security Testing of Web Applications and Web Services – Mike Andrews, James A. Whittaker
+ Web Security Testing Cookbook – Paco Hope, Ben Walther
+ The Web Application Hacker's Handbook – Dafydd Stuttard, Marcus Pinto (John Wiley & Sons)
+ Professional Pen Testing for Web Applications – Andres Andreu

  • Member Testimonials

    Monica Bharadwaj
    2017-06-30T12:26:31+00:00
    Hope you remember me; I was a part of this session. Great video, Karthik, learned a lot from your videos. Continue the good work.

    Devasena Radhakrishnan
    2017-08-07T06:07:49+00:00
    Firstly, thank you very much Karthik, Manoj and Shankar of ITeLearn Group. I joined ITeLearn during April 2016 to enhance my knowledge in Test Automation areas. I went through QTP, Selenium and SoapUI. Also went through some free videos in other areas of my interest. Surely it is a great service from the ITeLearn group and I benefited a lot from it.

    Lakshmi Manohari Sorapalli
    2017-06-30T11:48:02+00:00
    The videos I have gone through till now were really good, with detailed information, and I also liked the way Karthik explains the subject.

    Rene Gabor
    2017-06-30T12:00:49+00:00
    “I went to New Delhi (from Sydney) to attend a Java Hibernate course. Thousands of dollars in course fees and air fares and other expenditures were outlaid. Having stated this, it is my first time to try an online video course (with reasonable cost) and I soon realised the ITeLearn Selenium videos have the best explanations of concepts, and the examples were superbly presented. So clear that I took screenshots and took notes of every important point onto my USB, which I will take with me to my next contract engagement as my quick reference. Karthik and team members of ITeLearn, thanks very much indeed.”

    Mariyappan R
    2017-06-30T12:18:25+00:00
    Excellent training for beginners. The way of teaching is awesome. Thank you Karthik. Please upload all videos.
