Application Security Testing




Tstsec - Version: 1 09 July 2016 Application Security Testing

Duration: 4 days

Course Description:
We are living in a world of data and communication, in which the most valuable asset is information. There is no doubt that today's applications must be secure. Security standards are created to ensure that products implement security measures to protect their data. Security is an "all-inclusive" term: it must be implemented "everywhere", at every level:

- Users: train your users and build awareness to reduce the risk of irresponsible actions that an attacker can exploit. Make sure your UI helps users take the correct decisions.
- Infrastructure: firewalls, network administration, host and server hardening, network traffic encryption, etc.
- Application: authentication, authorization, input validation, encryption, configuration management, parameter manipulation, auditing, error handling, etc. The application must be designed and implemented with security in mind.

Remember that the attacker needs to find just one security breach, while we have to protect everywhere. Leaving any one of the above levels unhandled results in an insecure product. Application security is not just another feature; you cannot simply turn it on. It demands a lot of thinking: threat modeling and substantial design work, followed by concrete actions in every phase of the development cycle.

Security Testing:
Testing is a crucial part of the Security Development Lifecycle. The tester must understand the methodology of secure development and build a security test plan from the threat modeling documentation. The tester has to understand hacking mechanics: get out of the box and think like an attacker, know the security testing methodology, and be diligent and systematic in searching for security breaches. All this and more will be taught in the course.

Intended audience: Test engineers, Test Team Leaders, Quality Officers/Engineers.

Prerequisites: Participants should be familiar with the general concepts of web development and web technologies.

Objectives:
- Write a security test plan
- Understand common attacks
- Understand and practice the procedure of security testing and hacking
- Take an application and conduct penetration testing and fuzzing
- Work with common tools in the market

Topics:
- What is application security
- What application security deals with
- Best practices
- SDL (Security Development Lifecycle), threats and vulnerabilities
  - The STRIDE categories
  - Creating a threat model
  - The SDL methodology
- Writing a security test plan
  - How to write security test cases
  - How to set up security testing programs (and how they differ from standard testing)
  - OWASP testing best practices
- Web technologies & security
  - Technologies: HTTP & TCP, servers & proxies
  - Encryption and hashing, SSL & digital signatures
  - Authentication technologies
- Common attacks & demos
  - OWASP Top Ten
  - Buffer overrun
  - SQL injection
  - Cross-site scripting (XSS)
  - Denial of service (many types)
  - Back doors
  - Spoofing
  - Forceful browsing & flow bypassing
  - Parameter manipulation
  - Information disclosure
  - One-click attack (CSRF)
  - Session hijacking
  - Cookie poisoning
  - Directory traversal
- Web services
  - WS basics
  - XML WS standards
  - Security challenges in the SOA world and testing implications
  - Federation and identity checking
  - Validation
- Testing execution and methodologies
  - Requirement phase
  - Design phase
  - Discovery phase
  - The security testing checklists
  - Execution phase: attack simulation
  - Tools and methods: discovery tools, HTTP proxies, fuzzing tools, crackers (brute force, hashing), scanners, code analyzers
  - How to choose the correct tool; tools evaluation
  - Fuzzing
  - Penetration testing: white box vs. black box
  - After testing
  - Static and dynamic code analysis theory: how the tools work and how they compare
  - Static code analyzer review; dynamic code analyzer review
- Documentation
  - How to write a security report
  - Mitigations
- Application security labs
  - In the lab the students will test a live demo site using the tools and methods they learned in the class
  - The students will conduct threat modeling
  - The students will conduct code scanning
  - The students will design and conduct a fuzzing test
- Network hacking labs (2 days)
  - Network discovery
  - Enumeration
  - Null sessions and shares
  - Sniffing
  - Bypassing identity management
  - Vulnerability scanners
  - Attack frameworks
  - Reverse shells
  - Trojans
  - Application tampering
  - DoS
  - Network attack simulation: tools and methods

www.sela.co.il 03-6176066
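The objectives above ask the tester to derive security test cases from a threat model and then exercise them with fuzzing. The following is an added example, not part of the Sela course material, of what such a test case looks like in Python for one STRIDE threat (Tampering / Information Disclosure via the `name` parameter of a file-download endpoint): a deliberately vulnerable "before" resolver and a hardened "after" resolver, both constructed for this example, are run against a constructed list of directory-traversal and parameter-manipulation payloads with a pass/finding oracle. The endpoint, the document root `/srv/app/public` and every payload are assumptions made here.

```python
"""Security test cases derived from a threat model for a file-download endpoint.

Threat under test (STRIDE: Tampering, Information Disclosure): a caller manipulates
the `name` query parameter of GET /download?name=... so that the server reads a
file outside its public directory. Unlike a functional test, every payload below
must be *rejected* or resolve *inside* the root; any other outcome is a finding.

Added example for this syllabus; the endpoint, directory layout and payloads are
constructed here and are not taken from the course material.
"""
import os
import posixpath
import urllib.parse

PUBLIC_ROOT = "/srv/app/public"  # assumed document root of the demo site (constructed)


def resolve_vulnerable(name: str) -> str:
    """'Before' version: decodes the parameter and only normalises the path."""
    decoded = urllib.parse.unquote(name)
    return posixpath.normpath(PUBLIC_ROOT + "/" + decoded)


def resolve_hardened(name: str) -> str:
    """'After' version: canonicalise, then enforce containment in PUBLIC_ROOT.

    Raises ValueError for anything that is not a file inside the public root.
    os.path.realpath also follows symlinks before the check (POSIX host assumed).
    """
    decoded = urllib.parse.unquote(name)
    if "\x00" in decoded:
        raise ValueError("NUL byte in file name")
    root = os.path.realpath(PUBLIC_ROOT)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise ValueError("path escapes public root: %r" % name)
    return candidate


# Fuzz list for the threat: each entry is one security test case (constructed payloads).
TRAVERSAL_PAYLOADS = [
    "../../../etc/passwd",              # plain traversal
    "..%2f..%2f..%2fetc%2fpasswd",      # URL-encoded separators
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",   # URL-encoded dots
    "....//....//etc/passwd",           # evasion of naive '../' stripping
    "/etc/passwd",                      # absolute path
    "docs/../../../etc/shadow",         # traversal after a legitimate prefix
    "readme.txt%00.jpg",                # NUL truncation of an extension check
]


def _inside_root(path: str) -> bool:
    """Oracle: a resolved path is safe only if it stays under PUBLIC_ROOT."""
    return path == PUBLIC_ROOT or path.startswith(PUBLIC_ROOT + "/")


def run_security_tests(resolver) -> list:
    """Run every payload through `resolver`; return the payloads that are findings.

    Pass    = resolver raised ValueError (input rejected) or returned a path inside root.
    Finding = resolver returned a path outside PUBLIC_ROOT or containing a NUL byte.
    """
    findings = []
    for payload in TRAVERSAL_PAYLOADS:
        try:
            resolved = resolver(payload)
        except ValueError:
            continue  # rejected: the expected outcome for hostile input
        if "\x00" in resolved or not _inside_root(resolved):
            findings.append(payload)
    return findings


def functional_case_passes(resolver) -> bool:
    """The functional test both versions must still pass: a legitimate file resolves."""
    try:
        return resolver("docs/readme.txt").endswith("/public/docs/readme.txt")
    except ValueError:
        return False


if __name__ == "__main__":
    for label, fn in (("vulnerable", resolve_vulnerable), ("hardened", resolve_hardened)):
        print(label, "functional:", functional_case_passes(fn),
              "findings:", run_security_tests(fn))
```

Run as-is, the vulnerable resolver produces five findings (the absolute-path and `....//` cases happen to stay inside the root, which is why a payload list needs several encodings of the same idea), the hardened one produces none, and both pass the functional case. The same shape, threat from the model, payload list, explicit pass/finding oracle, carries over to the other attacks in the topic list; only the payloads and the oracle change.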