0345 4506120

Tools and Techniques for Security Researchers

This course aims to teach delegates the various tools, techniques and procedures for identifying and researching vulnerabilities in open and closed source applications which often go undetected by vulnerability scanners.


This course is aimed at security professionals, penetration testers, researchers, developers and anyone who wishes to learn how to identify and research unknown vulnerabilities in both web and system applications.

Learning Objectives

Delegates will learn how to                    

  •   The limitations of generic vulnerability scanners
  •   The different types of vulnerabilities
  •   How to find and use relevant documentation useful to testing
  •   How to identify inputs in applications for testing
  •   How to review source code for vulnerabilities
  •   How to use debuggers and disassemblers to identify possible vulnerabilities
  •   How to use interception proxies
  •   How to use packet analysis tools
  •   How to test inputs using educated guess work
  •   How to fuzz applications for vulnerabilities


Experience with command line Linux is advantageous however it is not essential as the instructor will guide the delegates through each task.

Course Content

Module 1 - Application analysis

This module helps delegates understand the ways in which inputs in applications can be identified using online resources, static analysis and tools such as interception proxies, packet analysis tools and debuggers.

This module covers the following subjects:

  •   How to use online resources to identify useful information for testing
  •   How to identify inputs to applications
  •   How to perform static analysis of source code
  •   How to analyse applications using open source tools

Module 2 - Finding applications for vulnerabilities

This module helps delegates understand the various methods and techniques for testing applications for unknown vulnerabilities after analysing applications.

This module covers the following subjects:

  •   How to test applications for vulnerabilities using educated guess work
  •   How to test web applications using ZAP
  •   How to fuzz web applications for vulnerabilities
  •   How to fuzz system applications for vulnerabilities

Learning outcomes

Delegates will be able to understand the process and methods used to analyse applications for unknown vulnerabilities. Delegates will gain experience analysing both open and closed source applications using various tools and techniques allowing them to identify potential inputs to applications and test those inputs for vulnerabilities.

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


Our Customers Include