
Security Testing Foundation

Basic training for security testing
Duration: 2 days
Cost/Participant: € 1.540,- plus VAT
Minimum number of participants: 8 people
Requirements: Experience in web technologies
Training Format: Public and in-house training possible

The Security Testing Foundation training teaches the basic concepts of security testing. It presents a structured procedure and shows how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Throughout the training, well-known hacking tools are used repeatedly to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, and we discuss how to deal with their results. The training can also be provided with a focus on security testing for embedded devices. The web topics are then replaced by relevant security testing topics from firmware, hardware and system hardening, as well as content for testing proprietary protocols and interfaces.

Content of Training

  • Introduction
    • Guidelines and standards
    • Threat modeling
    • Definition of scope and test cases
    • Preparation of the testing environment
  • Security testing for cryptography
    • Encryption
    • Hashes
    • Digital signatures
    • TLS
  • Security testing for web applications
    • OWASP Top 10 and OWASP ASVS
    • Testing with Burp Suite
    • Other tools for web application testing
  • Security testing for mobile applications
    • Exposed components
    • Locally stored data
  • Security testing for authentication
    • Bypassing authentication schemes
    • Brute-forcing attacks
    • Directory traversal attacks
    • Privilege escalations
  • Security testing of proprietary interfaces and protocols
    • Fuzzing
    • Analysis and testing tools
  • Security testing for system hardening
    • System hardening
    • Discovery tools
    • Automatic vulnerability scans
    • Configuration testing
  • Collection and processing of results
    • What information is important?
    • Vulnerability management

After the training, participants should

  • understand how attacks work and start thinking like an attacker.
  • be able to use automated testing tools to efficiently cover recurring test cases.
  • be able to document identified vulnerabilities in a meaningful way to facilitate tracking and retesting.

Upon Request

Are you interested in a SEC.321 Security Testing Foundation Training? Contact us!
