info@caliberacademy.in
(+91) 7993030801

Security Testing

Security Testing Prerequisites: Part 1

Chapter 1: Inside the web application
  • Web Architecture Components
  • HTTP Request and Response
  • Static & Dynamic Web Pages
  • Visible parameters and invisible parameters
  • Authentication & Authorization
  • Session Management
  • http/https communication
  • Web Technologies (Java, .NET, PHP, etc.)
  • Server side control
  • Client side control
  • Web Services
  • Question & Answer session

Chapter 2: Web application security
  • What is Security
  • Confidentiality, Integrity and Availability
  • Case Studies
  • Security Basics: Threat, Vulnerability, Exploit, etc.
  • Security in SDLC (Design, Development, Testing, Maintenance)
  • Steps of Hacking
  • Vulnerability Assessment and Penetration Testing

Security Testing: Part 2

Chapter 3: Web Application Vulnerabilities
  • OWASP Top 10, 2013
    • A1-Injection
    • A2-Broken Authentication and Session Management
    • A3-Cross-Site Scripting (XSS)
    • A4-Insecure Direct Object References
    • A5-Security Misconfiguration
    • A6-Sensitive Data Exposure
    • A7-Missing Function Level Access Control
    • A8-Cross-Site Request Forgery (CSRF)
    • A9-Using Components with Known Vulnerabilities
    • A10-Unvalidated Redirects and Forwards
  • Mini Project: OWASP Testing Guide Checklist / other common vulnerabilities:
    • Information Gathering
    • Configuration and Deploy Management Testing
    • Identity Management Testing
    • Authentication Testing
    • Authorization Testing
    • Session Management Testing
    • Data Validation Testing
    • Error Handling
    • Cryptography
    • Business Logic Testing
    • Client Side Testing
    • Brute forcing
    • Cookie poisoning

Chapter 4: Security Testing Lab
  • Proxy tools (Burp Suite, Paros, OWASP ZAP)
  • Kali Linux
  • HP WebInspect/IBM AppScan

Chapter 5: Writing Security Testing Report

Security Testing Prerequisites: Part 3

Chapter 6: Security Source Code Review
  • OWASP Source Code Review Guide Checklist
  • HP Fortify Tool
  • Mini Project

Chapter 7: Mobile Application Security
  • Top 10 OWASP Mobile Application Security Risks
  • Mobile Application Security Lab Setup
  • Mini Project

Chapter 8: Web Services Security
  • SOAP web service security
  • REST web service request
  • SOAP UI Tool

Live/Sample Project: Part 4