Security Testing

Security Testing Course?

Web applications are ubiquitous and plentiful. In fact, the Web is the de facto delivery mechanism for both consumer-grade and business-critical functionality these days. As such, the Web is also the most common vector for application-level attacks. To stave off these attacks, companies must build security into their applications during development. Security-related activities that occur early in the SDLC such as architecture risk analysis and secure code review can help prevent many vulnerabilities, but coding errors are inevitable. Web security testing lets organizations find these errors, correct them, and verify that applications meet their required security criteria. Web security testing requires intricate knowledge of what to test for and how to test it. Without the appropriate breadth and depth, your testing efforts will fail to identify the most important vulnerabilities.

Course description

Practitioners should possess the following skills:

    Comprehension of all kinds of Web attacks and security/penetration testing tools
    Practical knowledge of rigorous and systematic software security testing methodologies
    Ability to think like an attacker
    Ability to determine risk and communicate findings

This course:

    Provides the advanced knowledge and experience needed to start performing Web security testing
    Teaches you how to uncover the most important types of Web application vulnerabilities

OBJECTIVES: At the end of this course, you will be able to:

    Comprehend the basics of the HTTP protocol and other Web-related technologies and standards
    Use tools for intercepting and modifying HTTP traffic
    Develop test strategies and execute tests to uncover the most important types of Web application vulnerabilities
    Communicate findings to developers and management to ensure that relevant findings are properly addressed

Course Content: Full Syllabus:
1. About Web Application Penetration and security testing

    a. What is security testing
    b. Need for Security
    c. Difference between Black/Grey/White Hat hackers
    d. Types of WebApp Security Testing


    a. About OWASP
    b. OWASP Attacks
    c. OWASP Vulnerabilities
    d. OWASP Guide

3. In-depth Practice of Attacking and Exploiting Tools

    a. About Manual Penetration Testing
    b. Tools for Manual Security Testing
    c. Attacking mechanisms using Burp Suite Professional
    d. Detail Attacking using Acunetix
    e. NMAP webapp attack

4. Information Gathering and Active/Passive Recon

    a. Corporate Espionage
    b. Dumpster Diving
    c. Techniques of Active Recon
    d. Techniques of Passive Recon

5. Attacks on Authentication and Authorization

    a. Brute Force
    b. Insufficient Authentication
    c. Weak Password Recovery Validation


    a. Credential/Session Prediction
    b. Insufficient Authorization
    c. Insufficient Session Expiration
    d. Session Fixation

6. All Injections (SQLi, RFI, LFI, etc.)

    a. SQL Injection
    b. Command Injection
    c. RFI
    d. LFI
    e. SSI
    f. Buffer Overflow
    g. Format String Attack
    h. LDAP Injection

7. XSS Attacks

    a. DOM Based XSS
    b. Reflected XSS
    c. Stored XSS

8. Insecure Direct Object References

    a. Directory Traversal attack
    b. Non Sudo vs Sudo
    c. Database Parsing Attacks

9. Security Misconfiguration

    a. Software Management
    b. Port Detailing
    c. Default channels/gateways

10. Sensitive Data Exposure

    a. Client Side vs Server Side Encryption
    b. Encoding vs Encryption
    c. Crypto Keys Management
    d. Confidential/Sensitive Data Management in DB

11. Missing Function Level Access Control

    a. Privilege Escalation
    b. Multitenancy Failure
    c. Horizontal vs Vertical PE

12. CSRF Attack

    a. Pre Authentication Attacks
    b. Post Authentication Attacks
    c. Get vs Post

13. Finding Vulnerability in Application Components

    a. Component Validation checks
    b. AWS vs Firehost

14. Redirection attacks

    a. Integration bypass attacks

15. Reverse Engineering

    a. One Click Reversing
    b. Resource Exploring

16. Hands-on Attack in Real-world Applications
17. Interview preparation


Get Call Back From 4Achiever