0345 4506120

Web Security Testing

Security, or lack of it, is now perceived as a major problem for any form of on-line transaction. Whereas no system will ever be 100% secure, there are a number of security measures that can, and should, be implemented to ensure that the users of a Web site can be confident their data is reasonably protected. This course introduces attendees to the security problems associated with Web sites and how to test the security measures which have been put into place.

Structure

Lecture presentations are supported by a realistic case study, based on a fictitious Web site, which allows reinforcement of learning and enhances the understanding process. In addition, various security testing tools will be demonstrated.

Audience

The course is designed for software testers and test managers who will be involved in security testing of Web sites and applications.

We don't currently have any courses listed for Web Security Testing, would you like to view all courses for Software Testing?

Learning Objectives

At the end of the course attendees will be able to:

  • Examine a security policy and specify the types of tests necessary to ensure that the requirements contained in the policy are being met.
  • Scope security testing and create tests, test cases and test scripts.
  • Communicate adequately with appropriate technical personnel to ensure that the correct test or production environments are available.
  • Understand the capabilities of simple security testing tools and make a significant contribution to tool selection.
  • Execute basic security tests and understand the results.
  • Communicate with security professionals and external agencies where there is a requirement for detailed, focussed security testing.

Pre-Requisites

A good knowledge of Internet architecture and Web software testing. Attendance on the Web Software Testing course would be an ideal prerequisite.

Course Content

Testing Security
How Big is the Problem, Where is the Problem, Security Policies, Building a Policy, BS7799, ITSEC, Common Criteria, Hackers and Crackers, Security Testing Techniques, Manual Inspections & Reviews - Gap Analysis, Threat Modelling - Attack Trees, A Framework for Testing.

Network Architecture
Communication Protocol Models, The Four-layer Model, Packets, IP Addresses, IP v4 and v6, Transmission Control Protocol, Three-Way Handshake, HyperText Transfer Protocol, Universal Resource Locators, Domain Name System, Wired Networks, Wireless Networks, IP Spoofing, Secure Sockets Layer, Encryption, Public Key Infrastructure, SSL Sessions, Wireless Encryption.

Firewalls
What Firewalls Can and Can’t Do, Packet Filtering, Screening Routers, Proxy Servers, Network Address Translation, Virtual Private Networks, Sacrificial Lamb Configuration, Dual-homed Host, Screened Host Firewall System, Screened Subnet Firewall System.

Information Gathering
Mapping Out the Network Topology, Scope of the Testing Effort, IP Address Inventory, Ping Sweeps, Service/Socket Inventory, Port Scanning, Hardening the System Software, Web Application Fingerprinting, Testing for Error Code, Testing for Weak Cipher Levels, Testing SSL Certificate Validity, Application Code, Server Logs, Evaluating Intruder Detection, Intruder Detection Systems.

Authentication Testing
Default or Guessable User Accounts, Brute Force, Direct Page Requests, Parameter Modification, Session ID Prediction, File and Directory Privileges, Password Remember and Reset, Social Engineering and Insiders, Logout Testing, Cached Pages.

Session Management
Analysis of Session Management, Cookie Reverse Engineering, Cookie Manipulation by Guessing, Cookie Manipulation using Brute Force, Overflow, Exposed Session Tokens.

Data Validation Testing
Cross Site Scripting, HTTP Methods and Cross Site Tracing, SQL Injection, Relational Databases, Structured Query Language, Testing for SQL Injection, Testing for Authorisation Bypass Attacks, Testing for SELECT Statement Attacks, Testing for INSERT Statement Attacks, SSI Injection, XPath Injection, Dynamic Code, Buffer Overflows.

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Our Customers Include