Web Application Security Testing Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

The Web Application Security Testing training course provides skills to learn, experiment and implement the concepts involved in Security Testing for Web Application. You will be presented with ample examples, exercises and case studies to understand and apply the concepts taught.

By attending Web Application Security Testing workshop, delegates will:

Review the fundamental concepts of Security of Web Application and its place in an information management environment
Learn about the role of the testing process as part of software development and as part of Security Testing development
Learn about test strategies, test plans and test cases – what they are and how to develop them, specifically for Security testing
Create effective test cases and scenarios based on business and user requirements
Plan and coordinate security testing
Conduct reviews and inspections for validation and verification

Basic knowledge on software testing.

The Web Application Security Testing class is appropriate for both Novice and Experienced Software Engineers including:

Software developers
Test Engineers
Quality Assurance Specialists
Project / Test Managers
Project / Test Leads

Understanding Web Security Concerns

Introduction – Web Security
The Business Impact of Security
Secure SDLC Self-Assessment
Roles and Responsibilities
Need for Security Policy
The Vulnerabilities
Web Security – Technology Basics

Introduction and Key Principles in Testing

Testing Concepts- Verification & Validation
SDLC and STLC
Test Design Methods and Testing Levels for Security Testing
Security Requirements Testing Derivation
Introduction to Testing Framework-OWASP
Secure SDLC Self-Assessment
Hands on – Identify Security Requirement from given Functional Requirements Specification

Introduction to Security Testing

What is Web Security Testing
Knowledge and Skills Needed for a Security Tester
The Scope of a Security Testing
Measures to Implement Overall Security for the Application
Security and Internet

Security Testing Methodology

Web Applications Security Landscape
The Business Logic Security Testing
Preparation and Testing
Risk Based Approach
Risk Awareness – Know, Analyze and Understand The Risk
Methods to Resolve the Problems
Measure the Results
Hands on – Risk Identification Case Study
A1 – Injection
A2 – Cross – site Scripting(XSS)
A3 – Broken Identification and Session Management
A4 – Insecure Direct Object References
A5 – Cross Side Request Forgery(CSRF)
A6 – Security Misconfiguration (NEW)
A7 – Insecure Cryptographic Storage
A8 – Failure to Restrict URL Access
A9 – Insufficient Transport Layer Protection
A10 – Unvalidated Redirect and Forward
Testing the Enterprise Security – Anti Spam and Anti – Virus

A walk through on vulnerabilities

Cross-Site Scripting

Port Scanning and Service Mapping

Random Data Testing

Session Hijacking

URL Manipulation

Social Engineering

Parameter Manipulation

Penetration Testing

Database Auditing

The Server Security (The Process of Limiting the Access to Database Server)
Database Connection (The Local and Remote Database Access Through Authentication and Authorization)
Table Access Control (Related to Access Control List Restricting Control to Database Tables)
Restricting to Database Access ( Firewall and Network Segmentation)
Hands on Database Auditing
Introduction to Automation
Security Test Automation Tools
Demo on using Test Automation for Security Testing
Demo for Automation Test Tools
Introduction to Penetration Testing

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

Web Application Security Testing

COURSE AGENDA