Limes Academy / Security Engineering Training / SEC.321 Security Testing Foundation

SEC.321 Security Testing Foundation

The Security Testing Foundation training teaches the basic concepts of security testing. It presents a structured procedure and shows how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Well-known hacking tools are used throughout the training to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, along with how to deal with their results.

The training is particularly recommended for

software testers who want to gain insight into the basics of software testing with a focus on security aspects.

The training in a nutshell

  • Ideal entry-level training for security software testing
  • Duration: 2 days
  • Course Language: German or English
  • Requirements: No previous knowledge; participants must bring their own notebook
  • Completion with certificate of participation
  • Public and in-house training possible

Content of training

The participants can expect the following content for the selected training:

Day 1

  • Introduction
    • Evolution of Cyber-Attacks
    • Attackers & Their Motivation
    • Regulations and Standards
  • Preparation
    • Basic Risk Assessment
    • Identify System Architecture
    • Define Scope
    • Preparing the Test Environment
  • Security-Testing for Cryptography
    • Encryption
    • Hashes
    • Digital Signature
  • Security-Testing for Web-Applications
    • Cross Site Scripting
    • Cross Site Request Forgery
    • SQL Injections
    • Session Attacks
    • Brute forcing
    • Path Traversal
    • Replay Attacks

Day 2

  • Security-Testing for Authentication
    • Authentication Schemas
    • SQL Injection
    • Cross Site Scripting
    • Brute-forcing Attacks
    • Pass the Hash
  • Security-Testing of own Proprietary Interfaces
    • Fuzzing
    • Interactive Testing Tools
  • Security-Testing for System Hardening
    • System Hardening
    • Discovery Tools
    • Automated Vulnerability Scanning
    • Configuration Testing
  • Result Collecting and Reporting
    • Management Overview
    • What Information Matters
    • How to Handle Reports

After the training the participants should…

  • understand how attacks work and start thinking like an attacker.
  • know how to use automated testing tools to efficiently cover recurring test cases.
  • be able to document identified vulnerabilities in a meaningful way to facilitate traceability and re-testing.



Dates and registration

22 February 2021
24 February 2021

SEC.322 Wireless Security

24. February - 25. February