Security Testing is in high demand, with relatively few practitioners in the market, and is valued at a level comparable to AI and machine learning. Packages for these roles are generally about 2x those of automation roles, and candidates are readily selected by very large companies. Testers with 2 to 4 years of experience who learn Security Testing can get a job easily, since expectations are lower and openings are plentiful, whereas testers with 10+ years of experience can use it to move towards Test Architect roles.
Please go through the following details of our popular Security Testing video course (lifetime access, no update costs).
Total Sessions : 34 Sessions
Total Duration : 35 hours
Trainer : Vijay Rana
Video Course Contents:
Session 1: Introduction to Security Testing and Basic Concepts – Part 1 (1 hour)
- Introduction
- Importance of Security Testing
- Jobs and their demand
- Course Walkthrough
- Questions on Course and Security Testing
- CIA Triad
- Confidentiality
- Integrity
- Availability
- Vulnerability
- Threat
- Risk
- HTTP Protocol basics
- HTTP Methods
- HTTP Response Codes
- Cookie
- Session
- Cookie Versus Session
Session 2: Basic Concepts – Part 2 (1 hour)
- Input Validation
- Output Encoding
- Client-side validation
- Server-side validation
- Client-side Vs Server-side Validation
- BlackList validation
- WhiteList validation
- BlackList validation versus WhiteList validation
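The blacklist-versus-whitelist comparison and the output-encoding topic above can be shown side by side. The following is an added example, not course material or code by the trainer: a case-sensitive blacklist that a trivially varied payload slips past, an allowlist (whitelist) pattern for a username that rejects everything it does not explicitly permit, and HTML output encoding applied regardless of what validation decided. The sample inputs and the `USERNAME_RE` pattern are constructed for illustration.

```python
import html
import re
from typing import Dict, List

# Constructed sample inputs (not from the course): one benign username and
# three attacker-supplied values aimed at a naive blacklist.
SAMPLE_INPUTS = [
    "alice_01",
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</ScRiPt>",
    '<img src=x onerror="alert(1)">',
]

# Blacklist (denylist) validation: reject values containing known-bad substrings.
BLACKLIST = ("<script>", "javascript:")


def blacklist_validate(value: str) -> bool:
    """Return True if the value passes the blacklist check.

    The check is case-sensitive and only knows the strings it was given, so it
    misses <ScRiPt> and never sees the <img onerror=...> vector at all.
    """
    return not any(bad in value for bad in BLACKLIST)


# Whitelist (allowlist) validation: accept only what a username may look like.
# The pattern is an assumption for this example (3-32 word characters).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def whitelist_validate(value: str) -> bool:
    """Return True only if the whole value matches the allowed pattern."""
    return USERNAME_RE.fullmatch(value) is not None


def render_greeting(username: str) -> str:
    """Output encoding: the value is HTML-escaped at the point it is written
    into the response, so even input that slipped past validation cannot
    become markup or an attribute."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


def compare(inputs: List[str] = SAMPLE_INPUTS) -> List[Dict[str, object]]:
    """Run all three controls over the inputs and return one row per input."""
    return [
        {
            "input": v,
            "blacklist_passes": blacklist_validate(v),
            "whitelist_passes": whitelist_validate(v),
            "encoded": render_greeting(v),
        }
        for v in inputs
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The point a tester takes from this: a blacklist answers "do I recognise this as bad?", which an attacker can always rephrase; an allowlist answers "is this exactly what I expect?", which cannot be rephrased. Output encoding is the safety net on the server side for whatever validation is bypassed.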
Session 3: Basic Concepts – Part 3 (1 hour)
- Cryptography
- Encryption
- Symmetric Key Encryption
- Asymmetric Key Encryption
- Encoding
- Hashing
Session 4: Basic Concepts – Part 4 (1 hour)
- Encryption, Encoding, and Hashing – CIA Triad
- SSL – Secured Socket Layer
- HTTP versus HTTPS
- SSL Handshaking Process
Session 5: Basic Concepts – Part 5 (1 hour)
- SDLC Process and Secure SDLC Process
- Secure SDLC-Advantages
- Threat Modelling
- STRIDE Methodology
- Spoofing Identity
- Tampering with data
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of privilege
- SSL and TLS Versions
- SSL Handshaking Process – Part 2
- Authentication versus Authorization
Session 6: Basic Concepts – Part 6 (1 hour)
- 5 Phases of Security Testing
- OWASP Top 10 Vulnerabilities
- BurpSuite Installation and Configuration (check notes)
- XAMPP and bWAPP Installation
Session 7: Cross Site Scripting – Part 1 (1 hour)
- What is Cross Site Scripting (XSS)?
- Definition of XSS
- Consequences of XSS
- XSS: Where to test?
- XSS: Payloads
- XSS: Countermeasures/Recommendations/Remedy/Fix
Session 8: Cross Site Scripting – Part 2 (1 hour)
Session 9: Cross Site Scripting – Part 3 (1 hour)
Session 10: Cross Site Scripting – Part 4 (1 hour)
Session 11: Cross Site Scripting – Part 5 and Troubleshooting BurpSuite & XAMPP issues (1 hour)
Session 12: SQL Injection – Part 1 (1 hour)
Session 13: SQL Injection – Part 2 (1 hour)
Session 14: SQL Injection – Part 3 (1 hour)
Session 15: SQL Injection – Part 4 (1 hour)
Session 16: SQL Injection – Part 5 (1 hour)
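For the SQL Injection sessions, the core lesson is the difference between building a query by string concatenation and passing values as parameters. The following is an added example, not course material or code by the trainer: an in-memory SQLite database with one constructed user row, a deliberately vulnerable login that concatenates input into the SQL text, and the parameterised version. The table, the credentials and the payloads are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is pasted into the SQL text, so a
    quote character in the input closes the string literal and the rest of
    the input becomes SQL syntax."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the SQL text is fixed and the values travel
    separately, so quotes in the input are data, never syntax."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Two classic payloads. "admin'--" closes the username literal and the SQL
# comment marker "--" discards the password check. The tautology payload
# makes the WHERE clause true for every row.
COMMENT_PAYLOAD = "admin'--"
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Return how each login function treats the payloads."""
    conn = make_db()
    return {
        "vuln_comment": login_vulnerable(conn, COMMENT_PAYLOAD, "anything"),
        "vuln_tautology": login_vulnerable(conn, TAUTOLOGY_PAYLOAD, TAUTOLOGY_PAYLOAD),
        "safe_comment": login_safe(conn, COMMENT_PAYLOAD, "anything"),
        "safe_tautology": login_safe(conn, TAUTOLOGY_PAYLOAD, TAUTOLOGY_PAYLOAD),
        "safe_real": login_safe(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    print(demo())
```

When testing, the first signal is usually not a successful bypass but an error: feeding a single quote to the vulnerable function raises a database error because the query is no longer well-formed, which is exactly what an input-validation and SQL injection test is looking for. The parameterised version returns False for the same input and never errors.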
Session 17: Cross Site Request Forgery – Part 1 (1 hour)
- Cross Site Request Forgery
Session 18: Cross Site Request Forgery – Part 2 (1 hour)
- Cross Site Request Forgery
Session 19: Insecure Direct Object Reference (1 hour)
- Insecure Direct Object Reference
Session 20: Failure to restrict access url and Sensitive Data exposure (1 hour)
- Failure to restrict access url and Sensitive Data exposure
Session 21: Broken Authentication and Session Management – Part 1 (1 hour)
- Broken Authentication and Session Management
Session 22: Broken Authentication and Session Management – Part 2 (1 hour)
- Broken Authentication and Session Management
Session 23: Broken Authentication and Session Management – Part 3 (1 hour)
- Broken Authentication and Session Management
Session 24: Broken Authentication, Session Management and Using components with known vulnerabilities – Part 4 (40 minutes)
- Broken Authentication, Session Management and Using components with known vulnerabilities
Session 25: Unvalidated Redirects/Forwards and Malicious File Uploads (1 hour)
- Unvalidated Redirects/Forwards and Malicious File Uploads
Session 26: Other Vulnerabilities – Part 1 (1 hour)
- Missing Cookie Attributes: HttpOnly and Secure flags
- Missing HSTS Header
- Dangerous/unsafe HTTP methods enabled
- Cacheable HTTPS response/Browser cache weakness
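The four findings listed for this session are all visible in a single HTTP response, which makes them a good candidate for an automated check. The following is an added example, not course material or code by the trainer: a small audit function that parses a raw HTTP response, reports Set-Cookie headers lacking HttpOnly or Secure, a missing Strict-Transport-Security header, dangerous methods advertised in an Allow header, and an HTTPS response that is not marked `no-store`. Both sample responses are constructed, and the set of methods treated as dangerous is the commonly flagged one rather than a fixed standard.

```python
from typing import List, Tuple

# Methods commonly reported as unsafe when enabled on a web server (assumption:
# this list matches what the course's "dangerous/unsafe HTTP methods" finding means).
DANGEROUS_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP response into its status line and (name, value) headers.

    Header names are lower-cased; repeated headers such as Set-Cookie are kept
    as separate entries rather than merged.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_response(raw: str, over_https: bool = True) -> List[str]:
    """Return a list of findings for the response; an empty list means clean."""
    _, headers = parse_headers(raw)
    findings = []

    # Cookie attributes: everything after the first ';' is an attribute.
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
        if over_https and "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")

    names = {n for n, _ in headers}
    if over_https and "strict-transport-security" not in names:
        findings.append("missing HSTS header")

    # Allow header (e.g. from an OPTIONS request) listing unsafe methods.
    for name, value in headers:
        if name == "allow":
            enabled = {m.strip().upper() for m in value.split(",")}
            bad = sorted(enabled & DANGEROUS_METHODS)
            if bad:
                findings.append("dangerous HTTP methods enabled: " + ", ".join(bad))

    # Browser cache weakness: an HTTPS response carrying sensitive data should
    # say no-store; without it the body may be written to the browser cache.
    directives = set()
    for name, value in headers:
        if name == "cache-control":
            directives |= {d.strip().lower() for d in value.split(",")}
    if over_https and "no-store" not in directives:
        findings.append("HTTPS response cacheable: no 'Cache-Control: no-store'")

    return findings


# Constructed sample responses (not captured from any real system).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Allow: GET, POST, PUT, DELETE, TRACE\r\n"
    "Cache-Control: public, max-age=3600\r\n"
    "\r\n"
    "<html><body>account page</body></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Allow: GET, POST\r\n"
    "Cache-Control: no-store\r\n"
    "\r\n"
    "<html><body>account page</body></html>"
)

if __name__ == "__main__":
    for f in audit_response(WEAK_RESPONSE):
        print("WEAK:", f)
    print("HARDENED findings:", audit_response(HARDENED_RESPONSE))
```

The cache check is the one that needs judgement: `no-store` is the right answer for pages carrying session or personal data, while static assets are legitimately cacheable, so a tester reports this finding against the sensitive responses, not every response the scanner saw.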
Session 27: Other Vulnerabilities – Part 2 (1 hour)
- Clickjacking
- Insufficient Password Policy
- XXE (XML External Entity)
Session 28: Other Vulnerabilities – Part 3 (1 hour)
- Insecure Deserialization
- Insufficient Logging and Monitoring
Session 29: Security Testing Tools Demo (1 hour)
- Acunetix Tool Demonstration
- ZAP Tool Demonstration
Session 30: Network Security Testing – Part 1 (1 hour)
- IP Addresses
- Ports
- Protocols
- It's all about
- Network Security Testing Types
- Approach
Session 31: Network Security Testing – Part 2 (1 hour)
- NMAP
- Common Reported Vulnerabilities
Session 32: Android Security Testing – Part 1(1 hour)
- Android Architecture
- Android Versions
- Android Application: .apk
- Android Manifest.xml file
- Android Application Components: Manifest.xml file
- Tools required
- Approach
- Installing the apk file
- Decompiling the apk file
- Local data storage
Session 33: Android Security Testing – Part 2 (1 hour)
- Reversing the target application
- Hard Coded Issues
- Insecure Logging
- Insecure Data Storage
- Input Validation: SQL Injection
- Input Validation: Part 2
- Access Control Issues: Part1
Session 34: Live Project Session (2 hours)
- Steps to configure a vulnerable Live Project in your machine
- Live Project Demonstration
Other Stuff
- Interview Questions
- SSRF Vulnerability
Happy Learning!