Web Application Security Testing
This Web Application Security Testing training teaches software testers how to plan and execute security tests, as well as how to select and use the most appropriate tools and techniques to find even hidden security flaws. Attendees learn essential, practical skills that can be applied immediately in the workplace.
Location and Pricing
Most Accelebrate courses are delivered as private, customized, on-site training at our clients' locations worldwide for groups of 3 or more attendees and are custom tailored to their specific needs. Please visit our client list to see organizations for whom we have delivered private in-house training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote for private training at your site or online, please contact us.
Security Training Objectives
All students will:
Security Training Outline
IT Security and Secure Coding
Nature of security
What is risk?
IT security vs. secure coding
From vulnerabilities to botnets and cybercrime
Classification of security flaws
Web Application Security (OWASP Top Ten 2017)
Sensitive data exposure
XML external entity (XXE)
Broken access control
Cross-Site Scripting (XSS)
Using components with known vulnerabilities
Insufficient logging and monitoring
Same Origin Policy
Cross-Origin Resource Sharing (CORS)
Client-side authentication and password management
Denial of Service
SSL/TLS renegotiation DoS
Asymmetric DoS with JSON deserialization
Regular expression DoS (ReDoS)
Hashtable collision attack
Functional testing vs. security testing
Prioritization – risk analysis
Security in the SDLC
Security assessments in various SDLC phases
Security testing methodology
Security Testing Techniques and Tools
General testing approaches
Source code review
Testing the implementation
Secure coding sources – a starter kit
Students must have general web application development and testing experience.
All Security Training attendees receive comprehensive courseware.
Software needed for each student PC:
Accelebrate can either provide a VMware virtual machine that can be run locally for the training or can provide access to a preconfigured cloud environment for each participant. Please contact us for details.
For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large screen TV would be another way for students to see the instructor's screen simultaneously with working on their own.