The 2-day workshop builds a solid foundation in web security concepts and web security testing. It is not a course built around a set of security testing tools; rather, the focus is on concepts and hands-on exercises during the workshop.

The following will be covered at a high level:

  • HTTP Essentials – Aspects of the protocol important for security
  • Security Basics
  • Attributes of Security
  • Anatomy of Web Security Attacks
  • Sources of Information on Web Security/Vulnerabilities
  • Relation to Testing Techniques and Approaches in Functional Testing
  • Automation aspects in Security Testing
  • Useful Browser Extensions
  • Using Web Proxies
  • Request Manipulation
  • OWASP Top 10
  • Threat Modeling
  • Fuzzing
  • Hands-On Threat Modeling
  • Exercises using WebGoat and other demo web applications

If you are interested in attending the workshop or would like further details, please use the contact form or write to me at
