1 year of Security Testing Subscription includes:

Trainer: Mahesh

Karthik Kosireddi (Personal Profile): A software professional with experience at many reputed companies, both as a techie and as an admin. A trainer with a reputation for having created hundreds of software testing experts around the world.

Security Testing Course Content

  • Chapter 1: Introduction to Security Testing
  • Why Security Testing? Brief history and Examples
    Career opportunities and Skill Development

  • Chapter 2. HTTP Protocol Basics
  • Header and Body
    Requests
    Responses – Status Codes

  • Chapter 3. How HTTPS works
  • How it differs from HTTP
    SSL and Setup
    Limitations

  • Chapter 4. Encoding
  • Introduction
    Charsets
    Charset Vs Charset Encoding
    URL Encoding
    HTML Encoding
    Base64

  • Chapter 5. Same Origin
  • Introduction to Same Origin
    How SOP Works
    What does SOP Protect from?
    Examples and Exceptions

  • Chapter 6. Cookies
  • Introduction
    Use of Cookies
    Types of Cookies

  • Chapter 7. Penetration Testing Process
  • Introduction
    Threat Modeling
    Methodologies
    PTES
    OSSTMM
    OWASP Testing Techniques

  • Chapter 8. The Basic CIA Triad
  • Authentication
    Authorization
    Confidentiality
    Integrity
    Non Repudiation/Accountability
    Availability

  • Chapter 9. Web application proxy usage Lab Session:
  • What is Proxy Server? How it works
    Burp Suite Configuration
    Understanding the Http Request and Response using Burp Suite
    HTTP Splitting
    Cryptography and Password Cracking
    Information Gathering

  • Chapter 10. Understanding the OWASP Top 10 Security Threats (2013 list):
  • Injection
    Broken Authentication and Session Management
    Cross-Site Scripting (XSS)
    Insecure Direct Object References
    Security Misconfiguration
    Sensitive Data Exposure
    Missing Function Level Access Control
    Cross-Site Request Forgery (CSRF)
    Using Known Vulnerable Components
    Unvalidated Redirects and Forwards

  • Chapter 11. Hands-On Sessions:
  • Access Control Flaws
    Bypass a Path Based Access Control Scheme
    Role Based Access Control
    Remote Admin Access
    AJAX Security
    Authentication Flaws
    Various authentication flaws
    Forgot Password Exercises
    Buffer Overflows
    Concurrency
    Thread safety Issues
    Handling Concurrency Flaws
    Cross-Site Scripting (XSS)
    Stored XSS Attacks
    Reflected XSS
    Cross Site Request Forgery
    CSRF Prompt and Token ByPass
    Improper Error Handling
    Injection Flaws
    SQL Injection
    Xpath Injection
    Denial of Service
    Insecure Communication
    Insecure Configuration
    Insecure Storage
    Malicious Execution
    Parameter Tampering
    Hidden Variables
    URLs
    Form Data
    Session Management Flaws
    Session Hijacking
    Session Fixation
    Cookie Spoofing
    Advanced Web Attacks – Web Services
    WSDL Scanning
    Web Services – SAX

  • Chapter 12. Injection
  • Web Services – SQL Injection

  • Exploring Open Source Security Testing Tools
  • Challenge Round – Perform Penetration Testing on a given sample Application

No. It is recommended to have hands-on experience in either manual or automation testing.

We deal with web application security testing only. We don't deal with infrastructure or network security.

Each topic has two parts: theory and hands-on. We also have a challenge round at the end of the session, which the participants complete themselves.

+ Burp Suite
+ NTO SQL Invader
+ Havij
+ Mozilla Firefox add-ons – Tamper Data, Firebug, FirePath (legacy add-ons; Firebug and FirePath are no longer maintained for current Firefox versions, whose built-in developer tools cover the same ground)

Yes. The concepts are dealt with exhaustively, which will help testers perform security testing in their own organization.

Yes. The sample application can be installed on Linux as well.

+ Ensure that no other application is listening on the port where the sample application will be installed. Suppose we install the app on port 5151.
+ If you already have a web server on your system, deploy the app on that existing web server instead.
+ Start Burp Suite with its proxy listener on a different, unused port (say 8080) and point the browser's HTTP proxy setting at 127.0.0.1:8080. Burp then sits between the browser and the application: the browser talks only to port 8080, and Burp forwards each request on to the application on port 5151, so every request and response can be inspected or modified in transit.
+ Launch the application using the URL http://localhost:5151/WebGoat/attack and confirm the request shows up in Burp's Proxy history. Current browsers bypass the configured proxy for localhost by default (in Firefox set network.proxy.allow_hijacking_localhost to true; in Chrome add <-loopback> to the proxy bypass list); without that change, traffic to the lab application never reaches Burp.
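A pre-flight check for the lab layout described in the steps above, written as an added example for this page (it is not part of the course material or of WebGoat). It assumes the application port (5151) and the Burp listener port (8080) from the steps, both on the loopback interface; the check performs a real bind on each port, so it reports a port as busy exactly when the install or the Burp listener would fail to start on it.

```python
"""Pre-flight checks for the Burp + sample-application lab layout.

Added example, not code from the course page. Assumed layout: the vulnerable
app listens on APP_PORT and Burp's proxy listener on PROXY_PORT, both on the
loopback interface.
"""
import socket

HOST = "127.0.0.1"
APP_PORT = 5151    # port the sample application will be installed on
PROXY_PORT = 8080  # Burp Suite proxy listener; the browser is pointed here


def port_is_free(port: int, host: str = HOST) -> bool:
    """Return True if nothing is bound to host:port.

    Performs an actual bind (without SO_REUSEADDR, so a port still in
    TIME_WAIT also counts as busy) and releases the socket immediately.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def check_lab_ports(app_port: int = APP_PORT, proxy_port: int = PROXY_PORT,
                    host: str = HOST) -> list:
    """Return a list of problems with the chosen ports; empty means go ahead.

    Run this before installing the app and starting Burp: both ports must be
    free, and they must differ, because Burp cannot listen on the same port
    the application itself will bind.
    """
    problems = []
    ports = (("application", app_port), ("Burp listener", proxy_port))
    for name, port in ports:
        if not 1 <= port <= 65535:
            problems.append(f"{name} port {port} is not a valid TCP port")
    if app_port == proxy_port:
        problems.append(
            f"application and Burp listener cannot share port {app_port}")
        return problems
    for name, port in ports:
        if 1 <= port <= 65535 and not port_is_free(port, host):
            problems.append(f"{name} port {port} is already in use on {host}")
    return problems


if __name__ == "__main__":
    issues = check_lab_ports()
    if issues:
        for line in issues:
            print("PROBLEM:", line)
    else:
        print(f"OK: browser proxy -> {HOST}:{PROXY_PORT}, "
              f"app -> http://localhost:{APP_PORT}/WebGoat/attack")
```

Once both ports pass, install the application, start Burp's listener on 8080, and verify the chain end to end without a browser: `curl -s -o /dev/null -w '%{http_code}\n' -x http://127.0.0.1:8080 http://localhost:5151/WebGoat/attack` should print an HTTP status code and the request should appear in Burp's Proxy history. curl honours `-x` for localhost targets, so this check also distinguishes a broken proxy setup from the browser's localhost bypass described above.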

Yes. Here are a few references.
Damn Vulnerable Web Application (DVWA), based on PHP/MySQL – http://dvwa.co.uk/
OWASP InsecureWebApp, based on Java – http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
hackxor, based on Perl (CGI) – http://hackxor.sourceforge.net/cgi-bin/index.pl
Hacme Travel, based on C++ (client-server application) – http://www.mcafee.com/us/downloads/free-tools/index.aspx

There are a lot of books on the market that deal with web application security testing. Below are the suggested ones:
+ The Art of Software Security Testing: Identifying Software Security Flaws – Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin
+ How to Break Web Software: Functional and Security Testing of Web Applications and Web Services – Mike Andrews, James A. Whittaker
+ Web Security Testing Cookbook – Paco Hope, Ben Walther
+ The Web Application Hacker's Handbook – Dafydd Stuttard, Marcus Pinto (John Wiley & Sons)
+ Professional Pen Testing for Web Applications – Andres Andreu

  • Member Testimonials

    kk1780 (2017-06-30)

    I'm just starting out and love your videos. I did a short practical course and now want work. Do you find beginners get work easily? Or is it really hard at the moment?

    Julie Oelker (Indianapolis, IN USA) (2017-06-30)

    I found Karthik through a Google search and have started watching my first video on automation. I plan to subscribe. Great teaching! Thanks for what you do. You will advance my QA career, which I truly appreciate.

    satish.maddala Kumar (2017-06-30)

    Very, very many thanks for your valuable information.

    Victor Crown (2017-06-30)

    Wow... idiots like me can learn so easily from your instruction... Hi-five, Kartik... 10/10 rating for your videos.

    Sam Koduri (2017-08-07)

    We learned a lot from this live project. Now we know how to interact with the team, face challenges and how to solve them, the project approach, timelines... everything. Thank you for letting me in and for completing this project.
