Overview
With the increasing complexity of web applications today, managing them from a security standpoint is getting harder. Vulnerabilities in such web applications have cost millions of dollars through online fraud and scams. To manage information security risk, organizations follow the OWASP standard. This course will help software testers understand and implement measures that address the security issues of their web applications.
The prime objective of this web security course is to train professionals in the OWASP Testing Framework so that they can build and deploy testing processes on their own. Knowledge of the framework will help their organizations test web applications and deliver secure, reliable software.
It is recommended that candidates for the Security Testing course have practical work experience in software testing.
Outline
Module 1:
- Introduction
- Famous Security Threats/Hacks
- Why Is Web Security Important?
- What is OWASP?
- OWASP Top 10 Vulnerabilities
- IBM Rational AppScan Overview
- Exercises & Workshops
Module 2:
- SQL Injection
- Cross-Site Scripting (XSS)
- How to Cover the Top 10 Vulnerabilities with Manual Testing
- SQL Inject Me and XSS Me (Firefox Add-ons)
- Netsparker Overview
- Exercises & Workshops
Module 3:
- IBM Rational AppScan in Action
- Netsparker in Action
- Web Security Reports
- Exercises & Workshops
Module 4:
- What is WebGoat?
- What is Fiddler?
- Other Security Training Sites
- Exercises & Workshops
Learning Objectives
- Design, build and test applications for security
- Implement tools and techniques for penetration testing
- Manage the risk of applications under test
- Diagnose a problem, recognize its impact and find solutions
- Catch and report security vulnerabilities during the traditional testing process