
Software Testing


last update : 18/01/2016

Web Security Testing


 

About the Course : 

•The best course available in the market. Compare to believe!

•Comprehensive training on web security testing

•14 hours of in-classroom workshop time, exclusive of lunch/tea breaks

•Late evening extended time provided on request

•Focus on strong fundamentals

•Elaborate coverage of tools and their comparison

•Focus on web security from testing perspective

•15+ Hands-On Exercises

•No assumptions about existing knowledge

•Small batch size of 20 for more involved training.

•Content developed over 3 years by the author.

•Well received by testers as well as developers.

 

Agenda

Trainee Package :

The attendees would be provided with the following:

    Course material

    TesterFox 0.1: A portable Firefox, bundled with 20+ security testing plugins, that I have developed for the attendees

    Portable tools for mind mapping, text editing, text comparison

    Portable web proxies

    Portable Vulnerable app environment for practice

    ( Optional, for corporate workshops, separate charges ) Pre and post-assessment based on objective type or subjective type questions

    ( Optional, for corporate workshops, separate charges ) Post-training on-the-job support for applying the concepts

 

1. Foundations of Web

    The Changing Face of the Web

    How It Was

    How It is Now

    Why Web technologies became so popular

    A high level view of Browsers, HTML, JavaScript, XML etc.

 

2. Foundations of Security

    Where the security issues are in software

    Basics of Encoding and Encryption

    Security Attributes with Examples – Authentication, Authorization, Confidentiality, Integrity, Non-Repudiation/Accountability, Availability

    Understanding basic web user operations w.r.t. security attributes

    What is the goal of security attacks

    Why the attacks on the Web have become popular

    All Input is Malicious

    Change of Context – Data to Code

 

3. Under the Hood - Understanding HTTP

        Introduction to HTTP

        Introduction to Web Proxies

        How does a Web Proxy Work

        How to use a Web Proxy using Browser Options and Plugins

        HTTP Request Format

        HTTP Response Format

        HTTP Methods

        HTTP Status Codes

        HTTP Headers

        The key differences between a GET and POST

        Converting a GET into POST and vice versa

        HTTP is stateless

        Session Management

        Session Tokens versus Session

        Cookies

        Hidden Variables

 

4. Foundations of Web Security

            Client-side restrictions – HTML / JavaScript

            Cookies from Security Perspective

            Encoding versus Encryption

            Session Management from Security Perspective

            Authentication and Authorization from Security Perspective

            HTML Parameters from Security Perspective

            The Misplaced Trust on Client

            Understanding Web Architecture

 

5. Survey the Territory

            Mapping an application from security perspective

            Using Browser

            Using Browser and Plugins

            What are the different areas of interest

 

6. Top Vulnerabilities

            Vulnerability Lists ( Focus on OWASP )

            Injection (Focus on SQL Injection)

            Cross-Site Scripting

            Authentication Flaws

            Session Management Flaws

            Authorization Flaws

            Cross-Site Request Forgery

            Insecure Configuration

            Insecure Storage

            Insecure Transmission

            Redirection Flaws

 

Hands-On and Brainstorming Exercises

The exercises are conducted using local vulnerable apps that have been designed and developed for the purpose. No public website is used for the exercises, as that would violate the code of ethics.

Using Web Proxies

Using Browser Plugins

Encoding and Decoding

Parameter Tampering

Breaking Authentication

Breaking Access Flaws

Breaking Session Management

SQL Injection

Cross-Site Scripting ( XSS )

 

Instructor Bio

The UNICOM trainer is a consulting software tester, author, speaker, coach and a serial entrepreneur from Bangalore, India. He is Director & Chief Testing Officer at Test Mile (www.testmile.com) and the founder of Talent Reboot (www.talentreboot.com). He is the author of Testing Perspective (www.testingperspective.com), one of the most referred-to websites in the technical areas of software testing.

He is known for his practical and unified view of the software testing subject. He is one of those rare testers in the world who have hands-on experience in software testing, development, test automation frameworks, agile testing, web security, API and white box testing, database testing, multiple programming languages (Java/Python/Perl/JavaScript) and web performance testing. He has been honored with multiple Testing Thought Leadership awards as well as Innovation in Testing awards. His experience in a wide variety of fields over the course of 10 years gives him a unique perspective of the software testing world not found elsewhere. Some of his unique ideas for the testing world have been around fuzzing as a non-security testing technique, blending of test design techniques across multiple fields, test encapsulation and tests that think in test automation, test automation design patterns, UBPPA in the performance world, auto-regression in regression testing, the notion of state in execution in test automation, introspection in test automation and so on.

He has presented and published articles on a wide range of subjects related to software testing and Python. His experience of 12+ years in professional theater makes his presentations engaging and thought provoking.


 

 

Who should take this course?

The course has been specifically designed for someone with no knowledge or only basic knowledge of web security testing. Testers and developers who want to explore web security testing from an offensive rather than a defensive perspective are the target audience for this workshop.

 

Prerequisites on Infrastructure

    Bring your own Windows laptop to work through our hands-on exercises.

    You must have admin rights on the machine with permissions to configure browser settings.

 

Prerequisites on Knowledge

    No knowledge or only basic knowledge of programming platforms/technologies

 



Contact Us(India)

Shanmugha Arcade,

3rd Floor, 39,

NGEF Lane,

Indira Nagar 1st Stage,

Bengaluru - 560038,

Karnataka, India.

Telephone: +91-9538878795, +91-9538878799, +91-8025257962

E: contact@unicomlearning.com

Contact Us(UK)

OptiRisk R&D House

One Oxford Road

Uxbridge

Middlesex

UB9 4DA

UNITED KINGDOM

E: contact@unicom.co.uk

© 2018 All Rights Reserved