Duration: 2 Days
Course Overview
This module provides foundation training in basic security testing concepts, and addresses strategies for utilising test automation to support it.
The course is very tool-based and practical. Attendees are taught for about 40% of the course time, but the remaining 60% is spent in workshops designing penetration and other vulnerability tests, and then in performing hands-on testing and coded testing activities.
Course Content
Introduction
• Key aspects of software security testing
• The DevSecOps model: security is everyone’s responsibility
• Building a comprehensive automated security testing strategy
• Security frameworks: OWASP
Security design patterns
• Defence in depth
• Authorisation and Authentication models
• Multi-factor authentication
• Case study: OAuth
Security testing
• Validating secure design principles have been followed
• Security verification
• Testing authentication and authorisation mechanisms
• Testing functional behaviour for penetrability
• Denial of service vulnerability and recovery testing
Specific examples
• SQL Injection testing
• Cross-site scripting tests
• Known buffer overrun errors
Security testing toolkits
• Security compliance testing
• Microsoft security compliance toolkit
• Penetration testing tools
• Kali Linux and the toolkits it hosts
• Port scanning – Nmap and Wireshark
• Password vulnerability – John the Ripper
• Database security testing with SQLMap
Security test automation
• Automating security test suites
• Integrating security testing into the CI/CD pipeline
