SEC.321 Security Testing Foundation

Basic training for security testing
Duration: 2 days
Cost: € 1576 plus VAT
Requirements: Experience in web technologies
Training Format: Public and in-house training possible

The Security Testing Foundation training teaches the basic concepts of security testing. A structured procedure is presented, along with how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Throughout the training, well-known hacking tools are used repeatedly to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, together with how to deal with their results.

Content of Training

  • Introduction
    • Evolution of Cyber-Attacks
    • Attackers & Their Motivation
    • Regulations and Standards
  • Preparation
    • Basic Risk Assessment
    • Identify System Architecture
    • Define Scope
    • Preparing the Test Environment
  • Security-Testing for Cryptography
    • Encryption
    • Hashes
    • Digital Signature
  • Security-Testing for Web-Applications
    • Cross Site Scripting
    • Cross Site Request Forgery
    • SQL Injections
    • Session Attacks
    • Brute forcing
    • Path Traversal
    • Replay Attacks
  • Security-Testing for Authentication
    • Authentication Schemas
    • SQL Injection
    • Cross Site Scripting
    • Brute-forcing Attacks
    • Pass the Hash
  • Security-Testing of Your Own Proprietary Interfaces
    • Fuzzing
    • Interactive Testing Tools
  • Security-Testing for System Hardening
    • System Hardening
    • Discovery Tools
    • Automated Vulnerability Scanning
    • Configuration Testing
  • Result Collecting and Reporting
    • Management Overview
    • What Information Matters
    • How to Handle Reports

After the training the participants should

  • understand how attacks work and start thinking like an attacker.
  • know how to use automated testing tools to efficiently cover recurring test cases.
  • be able to document identified vulnerabilities in a meaningful way to facilitate traceability and re-testing.

Upon Request

Are you interested in a SEC.321 Security Testing Foundation Training? Contact us!
