This 2-day course details testing best practices and specifically focuses on mobile applications and mobile web testing.
|
|
- Chastity Elliott
- 7 years ago
- Views:
Transcription
1 Course Page - Page 1 of 5 Testing Mobile Applications and Mobile Web Training BSP-2206 Length: 2 days Price: $ 1, Course Description This 2-day course details testing best practices and specifically focuses on mobile applications and mobile web testing. Course Audience Testers, test engineers, development managers, test managers and project managers who will be designing, managing, and performing the testing of mobile applications. *Some experience with testing software applications. Course Outline CHAPTER 1. TESTING FUNDAMENTALS PART I Basic Differences Between Mobile and Thin Client Basic Differences in Network Bandwidth Basic Differences in Device Resources Basic Differences in Navigation Performance Matrices Performance CHAPTER 2. TESTING FUNDAMENTALS PART II What is a bug? Common types of bugs Sample bug report - simple Sample bug report complex Best practices in bug reporting Characteristics of a good problem report
2 Course Page - Page 2 of 5 Typical states for bug reporting The goals Best Practices Best practices Sample bug state chart CHAPTER 3. MOBILE TESTING OVERVIEW Native Architecture Mobile Web Site Architecture Hybrid Apps Unit Testing The Architecture Function Testing Applications Testing Disk Storage Testing Network Access Testing Location Based Services Testing Telephony Services CHAPTER 4. TEST PLAN AND TEST CASE DESIGN The Requirements of a System Document One Use Case Document UC01 Add a new appointment Document 2 Supplementary Specifications Knowing the Testing Priority The Severity Scale The Priority Scale The Likelihood Scale Priority of Coverage An Example The Test Plan The Sections of the IEEE Test Plan Template Typical Test Team Activities The Four Types of Tests Beware of Test Escapes Test Coverage Models Test Coverage Models Continued CHAPTER 5. TESTING MOBILE APPLICATIONS PART I UI Testing UI Testing Continued
3 Course Page - Page 3 of 5 Common Problems with Error Messages Common UI Errors Common UI Errors Continued Functional Testing New Terms To Consider for Mobile Gestures Gestures Continued Orientation Language and Resolution Accessories Accessories Continued Motion Motion Continued Light Light Continued Location Location Continued Connectivity Types of Testing Types of Testing Continued Testing Data Storage Testing Application Preferences Testing Storage on SD Card Testing for SQL Database Storage Testing for Version Upgrade and SQL Schema Change Help Testing Help Testing Continued CHAPTER 6. TESTING MOBILE APPLICATIONS PART II Application Configuration Application Security Configuration Downloadable Configuration Device Configuration Change Testing for Changed Operational Environment Factors Testing Battery Levels Testing Connectivity Life-Cycles of Mobile Apps When Your App is Going to the Back and to the Fore... Android's Life-Cycle Management Life-Cycle Testing Techniques Simulating Low Memory Situation Miscellaneous Test Cases Mobile Client-Server Platforms Mobile Apps Performance Overview
4 Course Page - Page 4 of 5 Test Case Prioritization Native Mobile Apps Performance Testing Overview Native Mobile Apps Performance Testing Hybrid Mobile Apps Performance Testing Overview Hybrid Mobile Apps Performance Testing Mobile Web Apps Performance Testing Overview Mobile Web Apps Performance Testing Server Response Time Tools for Testing Performance CHAPTER 7. TESTING MOBILE WEB Mostly Similar to Regular Web Applications Unique Test Cases Performance Testing Load Throughput Throughput Curve Saturation The Significance of Throughput Response Time Response Time Curve Response Time at System Saturation Response Time Past the Buckle Point Think Time Performance Acceptance Criteria Security Testing Input Data Validation Data Ownership Validation SQL Injection Problem SQL Injection Solution Malicious File Execution Problem Malicious File Execution Solution Insecure Authentication Mechanism Failure to Restrict URL Access Problem Failure to Restrict URL Access Solution Cross Site Scripting (XSS)Problem Cross Site Scripting (XSS) Solution Cross Site Request Forgery (CSRF) Problem Cross Site Request Forgery (CSRF) Solution Buffer Overflow Buffer Overflow Example More Buffer Overflows Buffer Overflow Solution Session Hijacking
5 Powered by TCPDF ( Course Page - Page 5 of 5 Session Hijacking through Sniffing CHAPTER 8. TEST REPORTING Weekly Reports Weekly Reports Continued Testing Cycle Complete Report Test Tracking Spreadsheet Tracking Test Coverage Spreadsheet Open/Closed Chart CHAPTER 9. MOBILE APPLICATION TESTING TOOLS Unit Testing using JUnit Framework Android Testing Framework The Architecture Wirebox for iphone Testing Network Access Test for Bandwidth Differences Mobile Web Server Testing LoadRunner Available Dates 09/12/ :00 am - 09/13/2016 6:00 pm 10/31/ :00 am - 11/01/2016 6:00 pm
FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationMobile App Testing Process INFLECTICA TECHNOLOGIES (P) LTD
Mobile App Testing Process Mobile Application Testing Strategy EMULATOR QA team can perform most of the testing in a well-equipped test environment using device emulators with various options like ability
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationMobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus
Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationPromoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org
Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. OWASP Top Ten 2010 The Ten Most Critical Web Application Report This report was created by IBM Rational
More informationensuring security the way how we do it
ensuring security the way how we do it HUSTEF, 2015.11.18 Attila Tóth 1 Nokia Solutions and Networks 2014 Disclaimer The ideas, processes, tools are presented from a practitioner s point of view working
More informationWeb Application Penetration Testing
Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com
More informationBlackboard Learn TM, Release 9 Technology Architecture. John Fontaine
Blackboard Learn TM, Release 9 Technology Architecture John Fontaine Overview Background Blackboard Learn Deployment Model and Architecture Setup and Installation Common Administrative Tasks Tuning Integrating
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More informationHow To Understand And Understand The Security Of A Web Browser (For Web Users)
Security vulnerabilities: should they be early detected? - lsampaio@inf.puc-rio.br Alessandro Garcia afgarcia@inf.puc-rio.br OPUS Research Group Agenda 1. Background; 2.Motivation; 3.Research Questions;
More informationDISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, 2009. The OWASP Foundation http://www.owasp.
DISA's Application Security and Development STIG: How Can Help You AppSec DC November 12, 2009 Jason Li Senior Application Security Engineer jason.li@aspectsecurity.com The Foundation http://www.owasp.org
More informationFollowing statistics will show you the importance of mobile applications in this smart era,
www.agileload.com There is no second thought about the exponential increase in importance and usage of mobile applications. Simultaneously better user experience will remain most important factor to attract
More informationLecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security
Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile
More information8070.S000 Application Security
8070.S000 Application Security Last Revised: 02/26/15 Final 02/26/15 REVISION CONTROL Document Title: Author: File Reference: Application Security Information Security 8070.S000_Application_Security.docx
More informationAutomated testing for Mobility New age applications require New age Mobility solutions
Automated testing for Mobility New age applications require New age Mobility solutions Executive Summary Today, mobile phone has transformed from its former role as a mere medium of communication to that
More informationApplication Code Development Standards
Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards
More informationCourse Description. Course Audience. Course Outline. Course Page - Page 1 of 5. Microsoft Azure Fundamentals M-10979 Length: 2 days Price: $ 1,295.
Course Page - Page 1 of 5 Microsoft Azure Fundamentals M-10979 Length: 2 days Price: $ 1,295.00 Course Description Get hands-on instruction and practice implementing Microsoft Azure in this two day Microsoft
More informationPromoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org
Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation
More informationImplementing Mobile Thin client Architecture For Enterprise Application
Research Paper Implementing Mobile Thin client Architecture For Enterprise Paper ID IJIFR/ V2/ E1/ 037 Page No 131-136 Subject Area Information Technology Key Words JQuery Mobile, JQuery Ajax, REST, JSON
More informationSoftware Quality Testing Course Material
Prepared by Vipul Jain Software Quality Testing Course Material Course content is designed and will be taught in such a manner in order to make a person job ready in around 10-12 weeks. Classroom sessions
More informationDFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)
Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage
More informationTurning the Battleship: How to Build Secure Software in Large Organizations. Dan Cornell May 11 th, 2006
Turning the Battleship: How to Build Secure Software in Large Organizations Dan Cornell May 11 th, 2006 Overview Background and key questions Quick review of web application security The web application
More informationMagenTys Testing Services Page 2
Testing Services CONTENTS 1 MAGENTYS... 3 2 COMPANY DETAILS... 4 2.1 Overview... 4 2.2 ETHICS and values... 4 3 Services... 5 3.1 Test Automation... 5 3.1.1 Test Automation Framework and Automated Test
More informationCompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001
CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required
More informationOWASP NZ Day 2011 Testing Mobile Applications
OWASP NZ Day 2011 Testing Mobile Applications Presenter: Nick von Dadelszen Date: 7 th July 2011 Company: Lateral Security (IT) Services Limited Company overview Company Lateral Security (IT) Services
More informationSaaS-Based Employee Benefits Enrollment System
Situation A US based industry leader in Employee benefits catering to large and diverse client base, wanted to build a high performance enterprise application that supports sizeable concurrent user load
More informationPCI-DSS 3.0 AND APPLICATION SECURITY
PCI-DSS 3.0 AND APPLICATION SECURITY www.quotium.com Achieving PCI DSS Compliance with Seeker This paper discusses PCI DSS and the vital role it plays in building secure software applications. It will
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationIntroduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006
Introduction to Web Application Security Microsoft CSO Roundtable Houston, TX September 13 th, 2006 Overview Background What is Application Security and Why Is It Important? Examples Where Do We Go From
More informationSecurity Testing & Load Testing for Online Document Management system
1 Security Testing & Load Testing for Online Document Management system Abstract The client is a leading provider of online technical documentation solutions in UK, they wanted to protect their documents
More informationTECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
More informationPERFORMANCE TESTING. New Batches Info. We are ready to serve Latest Testing Trends, Are you ready to learn.?? START DATE : TIMINGS : DURATION :
PERFORMANCE TESTING We are ready to serve Latest Testing Trends, Are you ready to learn.?? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Performance
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationThis course is intended for database professionals who need who plan, implement, and manage database solutions. Primary responsibilities include:
Course Page - Page 1 of 5 Designing Solutions for Microsoft SQL Server 2014 M-20465 Length: 3 days Price: $1,795.00 Course Description The focus of this three-day instructor-led course is on planning and
More informationSyllabus Version 1.2.8.
Syllabus Version 1.2.8. 0. Introduction to This Syllabus... 4 0.1 Purpose of this Document... 4 0.2 Cognitive Level of Knowledge... 4 0.3 The Examination... 5 0.4 Business Outcome... 5 0.5 Specialization...
More information120+ 35+ R E L E A S E S T E S T E R S YEARS IN THE MARKET
WE CREATE QUALITY Softengi QA Service is a part of Intecracy Group which unites IT companies in USA, EU, India, Indonesia, Ukraine, Moldova, Azerbaijan, Georgia, Kazakhstan and Belarus. Our team has implemented
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationStrategic Information Security. Attacking and Defending Web Services
Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments
More informationMembers of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems
Soteria Health Check A Cyber Security Health Check for SAP systems Soteria Cyber Security are staffed by SAP certified consultants. We are CISSP qualified, and members of the UK Cyber Security Forum. Security
More informationWho, What, Where, How: Five Big Questions in Mobile Security
Who, What, Where, How: Five Big Questions in Mobile Security Jacob West CTO, Fortify Products HP Enterprise Security Session ID: ASEC-R31 Session Classification: Intermediate Why is mobile security an
More informationHow to achieve PCI DSS Compliance with Checkmarx Source Code Analysis
How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.
More informationOne positive experience I've had in the last 24 hours: Exercise today:
Name - Day 1 of 21 Sunday, June 29, 2014 3:34 PM journal template Page 1 Name - Day 1 of 21 Sunday, June 29, 2014 3:34 PM journal template Page 2 Name - Day 2 of 21 2:27 PM journal template Page 3 Name
More informationMike Zusman 3/7/2011. OWASP Goes Mobile SANS AppSec Summit 2011
Mike Zusman 3/7/2011 OWASP Goes Mobile SANS AppSec Summit 2011 Agenda Introductions OWASP Summit Recap OWASP Mobile Top 10 v0.1 (DRAFT) 2 Who Are We Other than carbon-based multi-cellular life forms 3
More informationNetwork Threats and Vulnerabilities. Ed Crowley
Network Threats and Vulnerabilities Ed Crowley Objectives At the end of this unit, you will be able to describe and explain: Network attack terms Major types of attacks including Denial of Service DoS
More informationASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus
ASP.NET MVC Secure Coding 4-Day hands on Course Course Syllabus Course description ASP.NET MVC Secure Coding 4-Day hands on Course Secure programming is the best defense against hackers. This multilayered
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationOverview of the Penetration Test Implementation and Service. Peter Kanters
Penetration Test Service @ ABN AMRO Overview of the Penetration Test Implementation and Service. Peter Kanters ABN AMRO / ISO April 2010 Contents 1. Introduction. 2. The history of Penetration Testing
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationWeb Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationBetter Software Though Expertise, Collaboration & Automation. BDD, DevOps and Testing
Better Software Though Expertise, Collaboration & Automation BDD, DevOps and Testing CONTENTS 1 MAGENTYS... 3 2 TESTING SERVICES... 4 2.1 Test Automation... 5 2.1.1 Test Automation Framework and Automated
More informationChapter 1 Web Application (In)security 1
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is
More informationTEAM Academy Catalog. 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 www.securityinnovation.com
TEAM Academy Catalog 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 TEAM ACADEMY OVERVIEW 2 Table of Contents TEAM Academy Overview... 4 TEAM Professor Overview... 4 Security Awareness and
More informationPCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker
PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS
More informationPoints of View. CxO s point of view. Developer s point of view. Attacker s point of view
Web App Security 2 CxO s point of view Points of View Measurable security SCAP (Security Content Automation Protocol) Developer s point of view Secure coding/software security CWE (Common Weakness Enumeration)
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationMA-WA1920: Enterprise iphone and ipad Programming
MA-WA1920: Enterprise iphone and ipad Programming Description This 5 day iphone training course teaches application development for the ios platform. It covers iphone, ipad and ipod Touch devices. This
More informationHow To Write A Web Application Vulnerability Scanner And Security Auditor
ARGENTINA CHILE COLOMBIA MEXICO PANAMA PERU SPAIN USA VENEZUELA WAPITI Web application vulnerability scanner and Security auditor March 2010 www.gesfor.es www.grupogesfor.com1 Agenda Why is security necessary?
More informationDevelopment Processes (Lecture outline)
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
More informationCloud Security Framework (CSF): Gap Analysis & Roadmap
Cloud Security Framework (CSF): Gap Analysis & Roadmap Contributors: Suren Karavettil, Bhumip Khasnabish Ning So, Gene Golovinsky, Meng Yu & Wei Yinxing Please send comments & suggestions to Suren Karavettil
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More information50 shades of Siebel mobile
50 shades of Siebel mobile Markus Schneeweis ec4u expert consulting AG 1 Agenda Start Part 1 The disruption Part 2 What means mobile? Part 3 Siebel Mobile clash of the generations? Part 4 Our offer 7 Key
More informationWeb application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationWeb Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
More informationOWASP Top Ten Tools and Tactics
OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),
More informationOWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.
and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available
More informationThreat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
More informationOracle Application Express MS Access on Steroids
Oracle Application Express MS Access on Steroids Jules Lane Principal Consultant Tactical Database Development options Spreadsheets Encourage data duplication and inconsistency, clog
More informationHack Proof Your Webapps
Hack Proof Your Webapps About ERM About the speaker Web Application Security Expert Enterprise Risk Management, Inc. Background Web Development and System Administration Florida International University
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationAnnex B - Content Management System (CMS) Qualifying Procedure
Page 1 DEPARTMENT OF Version: 1.5 Effective: December 18, 2014 Annex B - Content Management System (CMS) Qualifying Procedure This document is an annex to the Government Web Hosting Service (GWHS) Memorandum
More informationSix Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business
6 Six Essential Elements of Web Application Security Cost Effective Strategies for Defending Your Business An Introduction to Defending Your Business Against Today s Most Common Cyber Attacks When web
More informationMobile App Testing is not something special
Mobile App Testing is not something special Simon Peter Schrijver TesT-PRO @simonsaysnomore p.schrijver@test-pro.nl simonsaysnomore.wordpress.com My career in Mobile (App) Testing Between 2006 and 2014
More informationMatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool
MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application
More informationWeb Application Attacks and Countermeasures: Case Studies from Financial Systems
Web Application Attacks and Countermeasures: Case Studies from Financial Systems Dr. Michael Liu, CISSP, Senior Application Security Consultant, HSBC Inc Overview Information Security Briefing Web Applications
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationLearning objectives for today s session
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationDatabase FAQs - SQL Server
Database FAQs - SQL Server Kony Platform Release 5.0 Copyright 2013 by Kony, Inc. All rights reserved. August, 2013 This document contains information proprietary to Kony, Inc., is bound by the Kony license
More informationEnterprise Application Security Program
Enterprise Application Security Program GE s approach to solving the root cause and establishing a Center of Excellence Darren Challey GE Application Security Leader Agenda Why is AppSec important? Why
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationNetwork Security Exercise #8
Computer and Communication Systems Lehrstuhl für Technische Informatik Network Security Exercise #8 Falko Dressler and Christoph Sommer Computer and Communication Systems Institute of Computer Science,
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationBlack Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand different types of application assessments and how they differ Be
More informationIntegrating Security Testing into Quality Control
Integrating Security Testing into Quality Control Executive Summary At a time when 82% of all application vulnerabilities are found in web applications 1, CIOs are looking for traditional and non-traditional
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationWeb Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
More informationImage Area. White Paper. Best Practices in Mobile Application Testing. - Mohan Kumar, Manish Chauhan. www.infosys.com
Image Area White Paper Best Practices in Mobile Application Testing - Mohan Kumar, Manish Chauhan www.infosys.com Contents Introduction 3 QA Challenges in Mobile Application Testing 3 Device Variation
More informationIntrusion detection for web applications
Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSyllabus Version 2.5_R (04.04.2016)
Syllabus Version 2.5_R (04.04.2016) CMAP-F-Syllabus V2.5_EN, 04.04.2016 Page 1 of 15 0. Introduction to This Syllabus... 4 0.1 Purpose of this document... 4 0.2 Cognitive Levels of Knowledge... 4 0.3 The
More informationPREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES
PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES Ira Winkler Codenomicon Session ID: MBS-W05 Session Classification: Intermediate Zero Day Attacks Zero day attacks are rising in prominence They tend to be
More informationMobile App Testing Guide. Basics of Mobile App Testing
2015 Mobile App Testing Guide Basics of Mobile App Testing Introduction Technology is on peek, where each and every day we set a new benchmark. Those days are gone when computers were just a machine and
More information