Duration: 2 days
Cost: € 1576 plus VAT
Training Format: Public and in-house training possible
The Security Testing Foundation training teaches the basic concepts of security testing. It presents a structured procedure and shows how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Well-known hacking tools are used throughout the training to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, along with how to deal with their results.
Content of Training
- Guidelines and standards
- Threat modeling
- Definition of scope and test cases
- Preparation of the testing environment
- Security testing for cryptography
- Digital signatures
- Security testing for web applications
- OWASP Top 10 and OWASP ASVS
- Testing with Burp Suite
- Other tools for web application testing
- Security testing for mobile applications
- Exposed components
- Locally stored data
- Security testing for authentication
- Bypassing authentication schemes
- Brute-forcing attacks
- Directory traversal attacks
- Privilege escalations
- Security testing of proprietary interfaces and protocols
- Analysis and testing tools
- Security testing for system hardening
- System hardening
- Discovery tools
- Automatic vulnerability scans
- Configuration testing
- Collection and processing of results
- What information is important?
- Vulnerability management
After the training the participants should
- understand how attacks work and start thinking like an attacker.
- know how to use automated testing tools to efficiently cover recurring test cases.
- be able to document identified vulnerabilities in a meaningful way to facilitate traceability and re-testing.