
Security Testing Video Course by 12 plus years experience Industry Expert

 
₹999
Product Description

Security Testing is in good demand, has fewer people in the market, and is at the same level as AI and machine learning. The packages for this course are generally 2x when compared to automation roles, and it is very easy to get selected in very big companies. People with 2 to 4 years of experience who learn Security Testing can easily get a job, as the expectations are lower and the jobs are more numerous. The same Security Testing, when learned by people with 10 plus years of experience, can help them move towards Test Architect roles.

Please go through the following details on our famous Security Testing Video Course (lifetime access and no update costs).

  • Total Sessions: 34 Sessions
  • Total Duration: 35 hours
  • Trainer: Vijay Rana

Video Course Contents:

Session 1: Introduction to Security Testing and Basic Concepts – Part 1 (1 hour)

  • Introduction
  • Importance of Security Testing
  • Jobs and their demand
  • Course Walkthrough
  • Questions on Course and Security Testing
  • CIA Triad
  • Confidentiality
  • Integrity
  • Availability
  • Vulnerability
  • Threat
  • Risk
  • HTTP Protocol basics
  • HTTP Methods
  • HTTP Response Codes
  • Cookie
  • Session
  • Cookie Versus Session

Session 2: Basic Concepts – Part 2 (1 hour)

  • Input Validation
  • Output Encoding
  • Client-side validation
  • Server-side validation
  • Client-side Vs Server-side Validation
  • BlackList validation
  • WhiteList validation
  • BlackList validation versus WhiteList validation

Session 3: Basic Concepts – Part 3 (1 hour)

  • Cryptography
  • Encryption
  • Symmetric Key Encryption
  • Asymmetric Key Encryption
  • Encoding
  • Hashing

Session 4: Basic Concepts – Part 4 (1 hour)

  • Encryption, Encoding, and Hashing – CIA Triad
  • SSL – Secure Sockets Layer
  • HTTP versus HTTPS
  • SSL Handshaking Process

Session 5: Basic Concepts – Part 5 (1 hour)

  • SDLC Process and Secure SDLC Process
  • Secure SDLC – Advantages
  • Threat Modelling
  • STRIDE Methodology
  • Spoofing Identity
  • Tampering with data
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of privilege
  • SSL and TLS Versions
  • SSL Handshaking Process – Part 2
  • Authentication versus Authorization

Session 6: Basic Concepts – Part 6 (1 hour)

  • 5 Phases of Security Testing
  • OWASP Top 10 Vulnerabilities
  • BurpSuite Installation and Configuration (check notes)
  • XAMPP and bWAPP Installation (check last button)

Session 7: Cross Site Scripting – Part 1 (1 hour)

  • What is Cross Site Scripting (XSS)?
  • Definition of XSS
  • Consequences of XSS
  • XSS: Where to test?
  • XSS: Payloads
  • XSS: Where to test?
  • XSS: Countermeasures/Recommendations/Remedy/Fix

Session 8: Cross Site Scripting – Part 2 (1 hour)

  • What is Cross Site Scripting (XSS)?
  • Definition of XSS
  • Consequences of XSS
  • XSS: Where to test?
  • XSS: Payloads
  • XSS: Where to test?
  • XSS: Countermeasures/Recommendations/Remedy/Fix

Session 9: Cross Site Scripting – Part 3 (1 hour)

  • Cross Site Scripting

Session 10: Cross Site Scripting – Part 4 (1 hour)

  • Cross Site Scripting

Session 11: Cross Site Scripting – Part 5 and Troubleshooting BurpSuite & XAMPP issues (1 hour)

  • Cross Site Scripting

Session 12: SQL Injection – Part 1 (1 hour)

  • SQL Injection

Session 13: SQL Injection – Part 2 (1 hour)

  • SQL Injection

Session 14: SQL Injection – Part 3 (1 hour)

  • SQL Injection

Session 15: SQL Injection – Part 4 (1 hour)

  • SQL Injection

Session 16: SQL Injection – Part 5 (1 hour)

  • SQL Injection

Session 17: Cross Site Request Forgery – Part 1 (1 hour)

  • Cross Site Request Forgery

Session 18: Cross Site Request Forgery – Part 2 (1 hour)

  • Cross Site Request Forgery

Session 19: Insecure Direct Object Reference (1 hour)

  • Insecure Direct Object Reference

Session 20: Failure to restrict access URL and Sensitive Data exposure (1 hour)

  • Failure to restrict access URL and Sensitive Data exposure

Session 21: Broken Authentication and Session Management – Part 1 (1 hour)

  • Broken Authentication and Session Management

Session 22: Broken Authentication and Session Management – Part 2 (1 hour)

  • Broken Authentication and Session Management

Session 23: Broken Authentication and Session Management – Part 3 (1 hour)

  • Broken Authentication and Session Management

Session 24: Broken Authentication, Session Management and Using components with known vulnerabilities – Part 3 (40 minutes)

  • Broken Authentication, Session Management and Using components with known vulnerabilities

Session 25: Unvalidated Redirects/Forwards and Malicious File Uploads (1 hour)

  • Unvalidated Redirects/Forwards and Malicious File Uploads

Session 26: Other Vulnerabilities – Part 1 (1 hour)

  • Missing Cookie Attributes: HTTP Only and Secure flags
  • Missing HSTS Header
  • Dangerous/unsafe HTTP methods enabled
  • Cacheable HTTPS response/Browser cache weakness

Session 27: Other Vulnerabilities – Part 2 (1 hour)

  • Clickjacking
  • Insufficient Password Policy
  • XXE-XML External Entity

Session 28: Other Vulnerabilities – Part 3 (1 hour)

  • Insecure Deserialization
  • Insufficient Logging and Monitoring

Session 29: Security Testing Tools Demo (1 hour)

  • Acunetix Tool Demonstration
  • ZAP Tool Demonstration

Session 30: Network Security Testing – Part 1 (1 hour)

  • IP Addresses
  • Ports
  • Protocols
  • It's all about
  • Network Security Testing Types
  • Approach

Session 31: Network Security Testing – Part 2 (1 hour)

  • NMAP
  • Common Reported Vulnerabilities

Session 32: Android Security Testing – Part 1 (1 hour)

  • Android Architecture
  • Android Versions
  • Android Application: .apk
  • AndroidManifest.xml file
  • Android Application Components: Manifest.xml file
  • Tools required
  • Approach
  • Installing the apk file
  • Decompiling the apk file
  • Local data storage

Session 33: Android Security Testing – Part 2 (1 hour)

  • Reversing the target application
  • Hard Coded Issues
  • Insecure Logging
  • Insecure Data Storage
  • Input Validation: SQL Injection
  • Input Validation: Part 2
  • Access Control Issues: Part 1

Session 34: Live Project Session (2 hours)

  • Steps to configure a vulnerable Live Project in your machine
  • Live Project Demonstration

Other Stuff

  • Interview Questions
  • SSRF Vulnerability

Happy Learning
