Security Testing Training Topics (Web, mobile & network)
1. Web Application Security Testing:
- Introduction to Security Testing and its importance
- Basic concepts of Security Testing
- CIA Triad
- HTTP Methods
- HTTP Headers
- Cookie vs. Session
- Cryptography: Encryption, Encoding, Hashing
- SDLC and Threat Modelling
- Security Testing process/Methodology
- SSL Handshaking Process
- OWASP 2013-2017 Vulnerabilities
- SQL Injection
- Cross Site Scripting
- Cross-Site Request Forgery
- Insecure Direct Object Reference
- Failure to Restrict URL Access
- Security Misconfiguration
- Unvalidated redirects and forwards
- Broken Authentication and session management
- Using components with known vulnerabilities
- Sensitive data exposure
- XML External Entity
- Insecure Logging and Storage
- Authentication related tests
- Credentials transported over an encrypted channel
- Testing for user enumeration
- Default or guessable (dictionary) user account
- Testing for Brute Force
- Testing for Bypassing authentication schema
- Testing for vulnerable remember-password and password-reset functions
- Testing for Logout and Browser Cache Management
- Testing for CAPTCHA
- Authorization-related tests
- Path Traversals
- Bypassing Authorization schema
- Privilege Escalation
- Session Management Testing
- Session Hijacking
- Session Fixation
- Session Timeout
- Session Replay
- Session Invalidation
- Exposed Session Variables
- Configuration related tests
- Missing HttpOnly and Secure Flags
- Unsafe CORS Policy - HTML5
- Introduction to various Vulnerability Scanners
- Scanning an application using Burp Suite and eliminating false positives
- Bypassing Client-Side Validations
- Risk Rating and Report preparation
2. Mobile Security Testing: all the web application related tests, followed by the topics below
- Creating Virtual Devices
- Installing the APK/IPA file
- Decompiling the file
- SSH into the device
- Local data storage for information leakage
- Intercepting the request using Burp Suite
- Reverse Engineering
3. Network Security Testing
- Basic Concepts of Networking
- OSI Layers
- TCP vs. UDP
- What is an IP
- IP Address Classes
- IPv4 vs. IPv6
- Different Ports
- Different Protocols
- Hubs, Switches, Routers
- Network Security Testing Methodology
- Scanning a network using Nessus
- Scanning and evidence gathering using Nmap
- Internal vs. External Network Security Testing
- Report Preparation
- Tools Covered:
- Web Application Security Testing – Burp Suite, Acunetix, SSLyze, sqlmap
- Network Security Testing – Nmap, Nessus, SSLscan/SSLyze
- Mobile Security Testing – Genymotion and ADT Bundle
Training session details:
- Start Date: June 19, 2018
- Time: 6:30 AM IST to 8 AM IST (Indian Standard Time)
- Training Duration: 30 days
- Session Duration: One and a half hours (Daily)
- Training Type: Online Training
- Training Cost: INR 12,000/-
- Maximum number of attendees in each batch: 15
Can I make the partial payment?
- Yes, you can pay us half of the amount now and another half after two days of the session start date.
What if I miss any session?
- We are recording all sessions. You can always watch these videos if you miss any session.
I have more questions, can I talk to any human?
- Yes. You can chat with us, or you can call us at +91 9940228234.
The trainer has 10+ years of experience and holds the internationally renowned CISSP and CISA certifications in addition to CEH.
We are providing Security Testing Hands-on Training for Web Applications. The following are the highlights of the training:
- The trainer is a passionate cyber security professional with 10+ years of experience in information security testing.
- He has worked across various MNCs.
- He is one of the few security professionals who hold the internationally renowned CISSP and CISA certifications in addition to CEH.
- No prerequisites are required for this training.
- This course is appropriate for software development and testing professionals who want to begin doing security testing as part of their assurance activities.
- Practical hands-on training will be provided using various security testing tools by a real-time expert.
This is a beginner to advanced course on Web Application Security Testing (Penetration Testing).
- Assignments/tasks will be provided to build your confidence.
- Don’t wait, just make a move and use this precious opportunity to learn Security Testing.
- Security Testers are in great demand and are getting good packages in the market.
- Be an all-rounder, instead of just sticking to normal Manual and Automation Testing skills.