Duration: 2 days
Cost: € 1548 plus VAT
Requirements: Experience in web technologies
Training Format: Public and in-house training possible
The Security Testing Foundation training teaches the basic concepts of security testing. It presents a structured procedure and shows how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications, and their anatomy is explained and practiced using real-world examples. Well-known hacking tools are used throughout the training to give the participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, along with how to deal with their results.
Content of Training
- Introduction
  - Evolution of Cyber-Attacks
  - Attackers & Their Motivation
  - Regulations and Standards
- Preparation
  - Basic Risk Assessment
  - Identify System Architecture
  - Define Scope
  - Preparing the Test Environment
- Security-Testing for Cryptography
  - Encryption
  - Hashes
  - Digital Signature
- Security-Testing for Web-Applications
  - Cross Site Scripting
  - Cross Site Request Forgery
  - SQL Injections
  - Session Attacks
  - Brute forcing
  - Path Traversal
  - Replay Attacks
- Security-Testing for Authentication
  - Authentication Schemas
  - SQL Injection
  - Cross Site Scripting
  - Brute-forcing Attacks
  - Pass the Hash
- Security-Testing of own Proprietary Interfaces
  - Fuzzing
  - Interactive Testing Tools
- Security-Testing for System Hardening
  - System Hardening
  - Discovery Tools
  - Automated Vulnerability Scanning
  - Configuration Testing
- Result Collecting and Reporting
  - Management Overview
  - What Information Matters
  - How to Handle Reports
After the training, the participants should
- understand how attacks work and start thinking like an attacker.
- know how to use automated testing tools to efficiently cover recurring test cases.
- be able to document identified vulnerabilities in a meaningful way to facilitate traceability and re-testing.
Upon Request
Are you interested in a SEC.321 Security Testing Foundation Training? Contact us!