The 2-day workshop builds solid foundation of web security concepts and web security testing. It is not a course focused on a set of tools to do security testing rather the focus is on concepts and hands-on exercises during the workshop.
Following is what would be covered at a high level:
- HTTP Essentials – Aspects of the protocol important for security
- Security Basics
- Attributes of Security
- Anotomy of Web Security Attacks
- Sources of Information on Web Security/Vulnerabilities
- Relation to Testing Techniques and Approaches in Functional Testing
- Automation aspects in Security Testing
- Useful Browser Extensions
- Using Web Proxies
- Request Manipulation
- OWASP Top 10
- Thread Modeling
- Fuzzing
- Hands-On Threat Modeling
- Exercises using WebGoat and other demo web applications
If you are interested in attending the workshop/knowing further details, please use the contact form or write to me at rahul_verma@testingperspective.com
Leave a Reply