1 year of Security Testing Subscription includes:

Trainer : Mahesh

Karthik Kosireddi (Personal Profile): A software professional with experience at many reputed companies, both as a techie and as an admin, and a trainer with a reputation for having created hundreds of software testing experts around the world.

Security Testing Course Content

  • Chapter 1: Introduction to Security Testing
    Why Security Testing? Brief History and Examples
    Career Opportunities and Skill Development

  • Chapter 2: HTTP Protocol Basics
    Header and Body
    Requests
    Responses and Status Codes

  • Chapter 3: How HTTPS Works
    How It Differs from HTTP
    SSL and Set-up
    Limitations

  • Chapter 4: Encoding
    Introduction
    Charsets
    Charset vs. Charset Encoding
    URL Encoding
    HTML Encoding
    Base64

  • Chapter 5: Same Origin
    Introduction to the Same-Origin Policy (SOP)
    How SOP Works
    What Does SOP Protect From?
    Examples and Exceptions

  • Chapter 6: Cookies
    Introduction
    Use of Cookies
    Types of Cookies

  • Chapter 7: Penetration Testing Process
    Introduction
    Threat Modeling
    Methodologies
    PTES
    OSSTMM
    OWASP Testing Techniques

  • Chapter 8: The Basic CIA Triad (and Related Security Properties)
    Authentication
    Authorization
    Confidentiality
    Integrity
    Non-Repudiation/Accountability
    Availability

  • Chapter 9: Web Application Proxy Usage (Lab Session)
    What Is a Proxy Server? How It Works
    Burp Suite Configuration
    Understanding the HTTP Request and Response Using Burp Suite
    HTTP Splitting
    Cryptography and Password Cracking
    Information Gathering

  • Chapter 10: Understanding the OWASP Top 10 Security Threats
    Injection
    Broken Authentication and Session Management
    Cross-Site Scripting (XSS)
    Insecure Direct Object References
    Security Misconfiguration
    Sensitive Data Exposure
    Missing Function Level Access Control
    Cross-Site Request Forgery (CSRF)
    Using Known Vulnerable Components
    Unvalidated Redirects and Forwards

  • Chapter 11: Hands-On Sessions
    Access Control Flaws
      Bypass a Path-Based Access Control Scheme
      Role-Based Access Control
      Remote Admin Access
    AJAX Security
    Authentication Flaws
      Various Authentication Flaws
      Forgot Password Exercises
    Buffer Overflows
    Concurrency
      Thread Safety Issues
      Handling Concurrency Flaws
    Cross-Site Scripting (XSS)
      Stored XSS Attacks
      Reflected XSS
    Cross-Site Request Forgery (CSRF)
      CSRF Prompt and Token Bypass
    Improper Error Handling
    Injection Flaws
      SQL Injection
      XPath Injection
    Denial of Service
    Insecure Communication
    Insecure Configuration
    Insecure Storage
    Malicious Execution
    Parameter Tampering
      Hidden Variables
      URLs
      Form Data
    Session Management Flaws
      Session Hijacking
      Session Fixation
      Cookie Spoofing
    Advanced Web Attacks: Web Services
      WSDL Scanning
      Web Services: SAX

  • Chapter 12: Injection
    Web Services: SQL Injection

  • Exploring Open Source Security Testing Tools
  • Challenge Round: Perform Penetration Testing on a Given Sample Application

  • Coming soon

No. It is recommended to have hands-on experience in either manual or automation testing.

We deal with web application security testing only. We do not deal with infrastructure or network security.

Each topic has two parts, theory and hands-on. There is also a challenge round at the end of the session, which the participant completes on their own.

+ Burp Suite
+ NTO SQL Invader
+ Havij
+ Mozilla Firefox add-ons: Tamper Data, Firebug, FirePath

Yes. The concepts are covered exhaustively, which will help testers perform security testing in their own organization.

Yes. The sample application can be installed on Linux as well.

+ Ensure that no application is already running on the port where the app will be installed. Let us say we want to install the app on port 5151.
+ If you already have a web server on your system, install the app on that existing web server instead.
+ Start Burp Suite's proxy listener on a different port (say 8080, which no other application uses) and point the browser at 127.0.0.1:8080 as its HTTP proxy. Burp does not listen on the application port: the browser sends every request to Burp, which forwards it to port 5151 and records the exchange. If Burp's HTTP history stays empty, the browser is most likely bypassing the proxy for localhost and loopback addresses (modern Firefox and Chrome do this by default); either disable that bypass in the browser's proxy settings or add a hosts-file alias for 127.0.0.1 (e.g. webgoat.test) and browse to that name instead.
+ Launch the application using the URL http://localhost:5151/WebGoat/attack
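As an added example (not course material and not part of WebGoat or Burp), the Python script below runs the checks the steps above imply: it confirms the application port is free before you install, confirms Burp's listener is up, and pushes one request through the proxy by hand so you can see the absolute-URL request line a browser sends to an HTTP proxy. The port numbers are the FAQ's own; the host address, the User-Agent string and the function names are assumptions.

```python
"""Pre-flight checks for the lab setup described in the FAQ above: is the
application port free before WebGoat is installed, is Burp's proxy listener
up, and does a request actually reach the application through Burp.
Added example, not course material: the port numbers (5151 for WebGoat,
8080 for Burp) are the FAQ's own; everything else here is assumed."""
import socket
from urllib.parse import urlsplit

HOST = "127.0.0.1"
APP_PORT = 5151        # port the FAQ installs WebGoat on
PROXY_PORT = 8080      # Burp Suite proxy listener from the FAQ
APP_URL = f"http://{HOST}:{APP_PORT}/WebGoat/attack"


def port_is_free(port, host=HOST):
    """True if host:port can be bound, i.e. nothing else is serving on it.
    Binding is a stronger check than connecting: a listener that refuses
    connections still occupies the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


def listener_is_up(port, host=HOST, timeout=1.0):
    """True if something accepts TCP connections on host:port (e.g. Burp)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_proxy_request(url):
    """Build the request a browser sends to an HTTP proxy for `url`.
    Unlike a direct request, the request line carries the absolute URL; that
    is how the proxy learns where to forward it, and it is the form you see
    in Burp's Proxy > HTTP history for plain-HTTP targets."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("plain HTTP only; HTTPS is tunnelled with CONNECT")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    request_line = f"GET http://{parts.netloc}{path} HTTP/1.1\r\n"
    headers = (f"Host: {parts.netloc}\r\n"
               "User-Agent: lab-preflight/1.0\r\n"   # assumed UA string
               "Connection: close\r\n")
    return (request_line + headers + "\r\n").encode("ascii")


def parse_status(raw_response):
    """Return the status code from a raw HTTP response, or None if malformed."""
    first_line = raw_response.split(b"\r\n", 1)[0]
    pieces = first_line.split(b" ")
    if len(pieces) < 2 or not pieces[0].startswith(b"HTTP/"):
        return None
    try:
        return int(pieces[1])
    except ValueError:
        return None


def fetch_via_proxy(url, proxy_host=HOST, proxy_port=PROXY_PORT, timeout=5.0):
    """Send `url` through the proxy over a raw socket and return the status
    code it relays back.  Talking to the proxy directly sidesteps any
    client-side 'bypass proxy for localhost' rule that would skip Burp."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_proxy_request(url))
        chunks = []
        while True:
            try:
                data = s.recv(4096)
            except socket.timeout:
                break            # keep-alive peer: use what we have
            if not data:
                break
            chunks.append(data)
    return parse_status(b"".join(chunks))


def preflight():
    """Run the FAQ's checks in order and return the outcome as a dict."""
    result = {
        "app_port_free": port_is_free(APP_PORT),
        "burp_listening": listener_is_up(PROXY_PORT),
        "status_via_burp": None,
    }
    # The round trip only makes sense once the app occupies its port and Burp
    # is listening; any HTTP status here means the request went browser ->
    # Burp -> WebGoat and back (older WebGoat builds answer 401 until login).
    if not result["app_port_free"] and result["burp_listening"]:
        try:
            result["status_via_burp"] = fetch_via_proxy(APP_URL)
        except OSError:
            pass
    return result


if __name__ == "__main__":
    for name, value in preflight().items():
        print(f"{name}: {value}")
```

Run it once before installing (expect `app_port_free: True`) and again after WebGoat and Burp are up (expect `app_port_free: False`, `burp_listening: True` and a status code); the request should then appear in Burp's Proxy history. The raw-socket path is deliberate: library proxy support and browsers alike may silently bypass a proxy for loopback targets, and a hand-built request makes that failure mode impossible to confuse with a broken Burp configuration.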

Yes. Here are a few references.
Damn Vulnerable Web Application, based on PHP/MySQL – http://dvwa.co.uk/
OWASP InsecureWebApp, based on Java – http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
hackxor, based on Perl (CGI) – http://hackxor.sourceforge.net/cgi-bin/index.pl
Hacme Travel, based on C++ (client-server application) – http://www.mcafee.com/us/downloads/free-tools/index.aspx

There are many books on the market that deal with web application security testing. Below are the suggested ones:
+ The Art of Software Security Testing: Identifying Software Security Flaws, by Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin
+ How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, by Mike Andrews and James A. Whittaker
+ Web Security Testing Cookbook, by Paco Hope and Ben Walther
+ The Web Application Hacker's Handbook, by Dafydd Stuttard and Marcus Pinto (John Wiley & Sons)
+ Professional Pen Testing for Web Applications, by Andres Andreu

  • Member Testimonials

    Roopa Patil
    2017-06-27T11:52:39+00:00
    This is Roopa Patil here. I had purchased QTP and Selenium videos from you in the months of Aug and Sep 2012. I had a 7-year gap after my engineering; still, with your videos I got a job at GE Healthcare as an SDET. I would like to thank you for this and I am very grateful to you.

    Shubhra Pandey
    2017-06-30T12:07:50+00:00
    The trainer is so clear. Even the words he has used are simple and clearly understandable :). Thanks for the good work. :)

    Allen Jordon
    2017-06-30T12:33:54+00:00
    Really appreciate your command over the subject. Very well explained.

    pannaty surender kumar
    2017-06-30T12:09:48+00:00
    It instilled confidence in me to learn computer education, though I do not possess the basics of computers.

    Patricia Pompei
    2017-06-30T12:08:16+00:00
    I prefer Indian instructors. You seem to add much more care into the techniques and care about the comprehension of the students. Thank you very much.
