
Security Testing Foundation

Basic training for security testing
Duration: 2 days
Cost: € 1576 plus VAT
Requirements: Experience in web technologies
Training Format: Public and in-house training possible

The Security Testing Foundation training teaches the basic concepts of security testing. It presents a structured procedure and shows how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Throughout the training, well-known hacking tools are used repeatedly to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, and we discuss how to deal with their results.

Content of Training

  • Introduction
    • Guidelines and standards
    • Threat modeling
    • Definition of scope and test cases
    • Preparation of the testing environment
  • Security testing for cryptography
    • Encryption
    • Hashes
    • Digital signatures
    • TLS
  • Security testing for web applications
    • OWASP Top 10 and OWASP ASVS
    • Testing with Burp Suite
    • Other tools for web application testing
  • Security testing for mobile applications
    • Exposed components
    • Locally stored data
  • Security testing for authentication
    • Bypassing authentication schemes
    • Brute-forcing attacks
    • Directory traversal attacks
    • Privilege escalations
  • Security testing of proprietary interfaces and protocols
    • Fuzzing
    • Analysis and testing tools
  • Security testing for system hardening
    • System hardening
    • Discovery tools
    • Automatic vulnerability scans
    • Configuration testing
  • Collection and processing of results
    • What information is important?
    • Vulnerability management

After the training, participants should

  • understand how attacks work and start thinking like an attacker.
  • be able to use automated testing tools to efficiently cover recurring test cases.
  • be able to document identified vulnerabilities in a meaningful way to facilitate tracking and retesting.

Upon Request

Are you interested in a SEC.321 Security Testing Foundation Training? Contact us!
