1 year of Security Testing Subscription includes:

Trainer: Mahesh

Karthik Kosireddi (personal profile): Software professional with experience in many reputed companies, both as a techie and as an admin. A trainer enjoying the reputation of having created hundreds of software testing experts around the world.

Security Testing Course Content

  • Chapter 1. Introduction to Security Testing
    Why security testing? Brief history and examples
    Career opportunities and skill development

  • Chapter 2. HTTP Protocol Basics
    Header and body
    Requests
    Responses and status codes

  • Chapter 3. How HTTPS Works
    How it differs from HTTP
    SSL and set-up
    Limitations

  • Chapter 4. Encoding
    Introduction
    Charsets
    Charset vs. charset encoding
    URL encoding
    HTML encoding
    Base64

  • Chapter 5. Same Origin
    Introduction to the same-origin policy (SOP)
    How SOP works
    What does SOP protect from?
    Examples and exceptions

  • Chapter 6. Cookies
    Introduction
    Use of cookies
    Types of cookies

  • Chapter 7. Penetration Testing Process
    Introduction
    Threat modeling
    Methodologies
    PTES
    OSSTMM
    OWASP testing techniques

  • Chapter 8. The Basic CIA Triad and Related Security Properties
    Authentication
    Authorization
    Confidentiality
    Integrity
    Non-repudiation / accountability
    Availability

  • Chapter 9. Web Application Proxy Usage (Lab Session)
    What is a proxy server? How it works
    Burp Suite configuration
    Understanding the HTTP request and response using Burp Suite
    HTTP splitting
    Cryptography and password cracking
    Information gathering

  • Chapter 10. Understanding the OWASP Top 10 Security Threats (2013 edition)
    Injection
    Broken Authentication and Session Management
    Cross-Site Scripting (XSS)
    Insecure Direct Object References
    Security Misconfiguration
    Sensitive Data Exposure
    Missing Function Level Access Control
    Cross-Site Request Forgery (CSRF)
    Using Known Vulnerable Components
    Unvalidated Redirects and Forwards

  • Chapter 11. Hands-On Sessions (WebGoat lesson categories)
    Access Control Flaws
      Bypass a path-based access control scheme
      Role-based access control
      Remote admin access
    AJAX Security
    Authentication Flaws
      Various authentication flaws
      Forgot-password exercises
    Buffer Overflows
    Concurrency
      Thread-safety issues
      Handling concurrency flaws
    Cross-Site Scripting (XSS)
      Stored XSS attacks
      Reflected XSS
    Cross-Site Request Forgery (CSRF)
      CSRF prompt and token bypass
    Improper Error Handling
    Injection Flaws
      SQL injection
      XPath injection
    Denial of Service
    Insecure Communication
    Insecure Configuration
    Insecure Storage
    Malicious Execution
    Parameter Tampering
      Hidden variables
      URLs
      Form data
    Session Management Flaws
      Session hijacking
      Session fixation
      Cookie spoofing
    Advanced Web Attacks – Web Services
      WSDL scanning
      Web services – SAX

  • Chapter 12. Injection
    Web services – SQL injection

  • Exploring Open Source Security Testing Tools
  • Challenge Round – Perform penetration testing on a given sample application

  • Coming soon

No. It is recommended to have hands-on experience in either manual or automation testing.

We deal with web application security testing only. We do not cover infrastructure or network security.

Each topic has two parts: theory and hands-on. There is also a challenge round at the end of the session, which the participants complete by themselves.

+ Burp Suite
+ NTO SQL Invader
+ Havij
+ Mozilla Firefox add-ons – Tamper Data, Firebug, FirePath

Yes. The concepts are covered exhaustively, which will help testers perform security testing in their own organizations.

Yes. The sample application can be installed on Linux as well.

+ Make sure nothing else is listening on the port you intend to install the application on. In this example the application is installed on port 5151.
+ If a web server is already running on your system, deploy the application on that existing web server instead.
+ Start Burp Suite with its proxy listener on a different, unused port (say 8080) and point your browser's HTTP proxy setting at 127.0.0.1:8080, so that every request to the application port (5151) passes through Burp.
+ Launch the application using the URL http://localhost:5151/WebGoat/attack
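A small pre-flight check for the steps above, added here as an example and not part of the course material: it probes whether the application port is free before installing, walks to the next free port if it is not, confirms that Burp's listener is up, and fetches the WebGoat URL through an explicit proxy so the request shows up in Burp's HTTP history. The port numbers 5151 and 8080 are the ones from the steps above; the function names and the `hold_port` helper (which stands in for an already-running service) are my own.

```python
import socket
import urllib.error
import urllib.request

APP_PORT = 5151    # port the sample application is installed on (from the steps above)
BURP_PORT = 8080   # Burp Suite proxy listener (Burp's default)


def port_in_use(port, host="127.0.0.1"):
    """True if something already listens on host:port: try to bind and see whether it fails."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return True
    return False


def pick_free_port(preferred, host="127.0.0.1", limit=50):
    """Return `preferred` if it is free, otherwise the next free port above it (at most `limit` tries)."""
    for port in range(preferred, preferred + limit):
        if not port_in_use(port, host):
            return port
    raise RuntimeError(f"no free port in {preferred}..{preferred + limit - 1}")


def hold_port(host="127.0.0.1"):
    """Open a listening socket on an ephemeral port; stands in for a service that is already running."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def burp_opener(burp_port=BURP_PORT):
    """Opener that routes plain-HTTP requests through Burp instead of whatever the system proxy is."""
    handler = urllib.request.ProxyHandler({"http": f"http://127.0.0.1:{burp_port}"})
    return urllib.request.build_opener(handler)


def fetch_through_burp(url, burp_port=BURP_PORT, timeout=5):
    """Fetch `url` via Burp and return (status, body); raises URLError if Burp is not listening."""
    with burp_opener(burp_port).open(url, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # 1. Pre-install check on the application port.
    if port_in_use(APP_PORT):
        print(f"port {APP_PORT} is busy; next free port is {pick_free_port(APP_PORT)}")
    else:
        print(f"port {APP_PORT} is free")
    # 2. Burp has to be up before the browser (or this script) can reach the app through it.
    if not port_in_use(BURP_PORT):
        print(f"nothing listening on {BURP_PORT}: start Burp's proxy listener first")
    else:
        url = f"http://localhost:{APP_PORT}/WebGoat/attack"
        try:
            status, body = fetch_through_burp(url)
            print(f"{url} -> HTTP {status}, {len(body)} bytes (now visible in Burp's HTTP history)")
        except (urllib.error.URLError, OSError) as exc:
            print(f"request through Burp failed: {exc}")
```

One caveat when the request does not appear in Burp: urllib's ProxyHandler still honours the platform's proxy bypass list (the `no_proxy` environment variable, and the system proxy exceptions on macOS and Windows, which often exclude localhost), so clear those exceptions or use the IP address 127.0.0.1 in the URL.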

Yes. Here are a few references:
Damn Vulnerable Web Application (DVWA), based on PHP/MySQL – http://dvwa.co.uk/
OWASP InsecureWebApp, based on Java – http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
hackxor, based on Perl (CGI) – http://hackxor.sourceforge.net/cgi-bin/index.pl
Hacme Travel, based on C++ (client-server application) – http://www.mcafee.com/us/downloads/free-tools/index.aspx

There are a lot of books on the market that deal with web application security testing. Below are the suggested ones:
+ The Art of Software Security Testing: Identifying Software Security Flaws, by Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin
+ How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, by Mike Andrews and James A. Whittaker
+ Web Security Testing Cookbook, by Paco Hope and Ben Walther
+ The Web Application Hacker's Handbook, by Dafydd Stuttard and Marcus Pinto (John Wiley & Sons)
+ Professional Pen Testing for Web Applications, by Andres Andreu

  • Member Testimonials


    Khurram Mehmood

    Awesome!! I actually felt like I was in a class, superb presentation.
    2017-06-30T12:40:27+00:00

    Divya M

    "I got a full-time offer at Availity and today was my first day there. First of all I have to thank you all for all the classes and the projects, which gave me immense confidence, because of which I am here. Also I would like to thank you all for the extra effort in providing a reference for my work with Atomic77. Thank you Karthik, Manoj & Saqib for always insisting on practice. During my interview, the moment I started talking in detail about developing the keyword-driven framework which I worked on in the SLP project, I guess the interview panel were almost sure their search had ended. I would definitely suggest ITelearn to my friends who are looking to learn things in the right way. Being a part of your learning experience not only teaches us confidence but most importantly teaches us to learn and debug anything the right way... I will always be thankful to the ITelearn team and will continue attending a few of your ongoing courses. Thanks again, and I wish ITelearn to spread more confidence and happiness to all its attendees. Will keep in touch."
    2017-06-30T12:44:12+00:00

    Ramakrishna Rao Angara

    The session is very good and informative, and easily understandable even for a person who does not have IT knowledge, as the given examples make the participant understand the topic very well. I am not exaggerating, but this is real.
    2017-06-30T11:51:49+00:00

    Prasad Mysore

    Karthik, I feel I am behind your shoulder and learning the job. I cannot wait for my status to come through so that I can enroll in your training program. 3 of my friends are joining your program on my suggestion. Kudos to your knowledge transfer. According to my survey on QA training, yours is a one-stop learn. Thanks for the free videos.
    2017-06-30T12:19:22+00:00