About the Course
Program Overview & Objectives:
This "Web Application Security Testing Course" is specifically designed for QA / Testing folks with or without any knowledge about security testing.
The course covers: Web Security Overview, Different Web Security Standards, Typical Web Security Vulnerabilities, Injection Vulnerabilities, Cross Site Vulnerabilities, Security Remediation - SDLC Process Flow, Web Security Vulnerabilities Remediation Methods & Techniques, Scanning and Testing Approach/Process, and Web Security Scanning and Testing Approach with usage of different tools.
This program will help in gaining a good understanding and knowledge as to how security testing of Web Applications is carried out.
Topics Covered
Program Contents:
1. Web Security Overview
2. Different Web Security Standards
3. Typical Web Security Vulnerabilities
• Broken Authentication & session management, Broken Access control, Injection Flaws, Cross Site Scripting, Cross Site Request Forgery, Hidden Field Manipulation, Insecure Storage, Improper session and cookie management, Denial of service, Insecure configuration, Transport level vulnerabilities.
4. Injection Vulnerabilities
• SQL Injection Vulnerabilities, XPath injection vulnerabilities, Command injection vulnerabilities, XXE injection vulnerabilities, LDAP injection vulnerabilities, Setting and Parsing Cookies Vulnerabilities.
5. Cross Site Vulnerabilities
• Cross Site Scripting vulnerabilities, Cross Site Request Forgery vulnerabilities. Input validation Flaws vulnerabilities, Buffer Overflow Flaws vulnerabilities, Improper Error/Exception Handling vulnerabilities, Improper Access Management vulnerabilities, Denial of Service Vulnerabilities. Improper configuration vulnerabilities.
6. Web Security Vulnerabilities Remediation Methods & Techniques
7. Security Scanning and Testing
• Security Vulnerability Scans and Code Review objective
8. Scanning and Testing Approach/Process
• Security Vulnerability Scanning and Testing, Penetration Testing, Manual Vulnerability Testing
9. Web Security Scanning and Testing Approach with usage of different tools
10. Unit Testing Using Different Web Security Testing tools
• Security Testing Tools
Who should attend
• The Workshop is specific to QA / Testing folks, any Manual Tester or Automation Tester with or without any knowledge about Security Testing of Web Applications.
Pre-requisites
• Participants should have a basic idea of Web Applications.
What you need to bring
NA