Security Testing for Testers

When: 1 Day Course – 30th October 2014

Time: 9am – 5pm

Location: 68 Middle Street, Brighton, BN1 1AL, UK

Register

Register now

Overview

A challenge faced by many test teams when they are asked to include security testing in their plans is where to begin and how to proceed. If you find yourself in this position, or want to extend your testing skills into the security domain, then this one-day workshop will set you along this path.

The workshop takes the form of a day-long security test of a deliberately insecure application. We’ll start the day by building a threat model that highlights the areas we need to protect and enumerates the threats that we care about. From here we will start to plan and execute security tests to explore these threats. As we look at different threats, we’ll cover the appropriate practical techniques and theory and then apply these to the application. As we find security problems, we’ll examine the issues around reporting them.

The day will be a fun and highly practical one where we will cover a range of security testing techniques, including common techniques such as Cross Site Scripting, Request Forgeries, Session Hijacking and many others. We will also start building your security testing toolkit from freely available tools and give you a pack of material to further your skills after the course, including:

  • Threat Modelling 101 eBook
  • A set of Security Test Technique Cheat Sheets that explain common security threats and techniques to detect them.
  • A virtual environment containing deliberately vulnerable applications and a workbook for you to practice your newfound skills.
  • A toolkit to help you explore the security of your systems.

Learning Objectives:

  • Analysis of an application from a security perspective through threat modelling.
  • Learn about common and not so common techniques to expose security issues.
  • Start building your toolkit to support your security testing.
  • Practical experience of applying threat modelling and security testing in a realistic setting.

Target audience

This course is suitable for any tester or test lead who is looking to extend their skills into security testing. No prior experience of security testing is required, but curiosity and an interest in the topic are essential. The course will focus primarily on testing the security of web applications, so a basic understanding of HTTP and SQL would be useful.

About the Trainer

Bill Matthews has been a test professional since 1994 and a freelance Testing Specialist since 1998, focusing mainly on leading and delivering the more technical aspects of testing, including systems integration, performance, security and automation.


Cancellation Policy

Refunds can be given should you need to cancel your course. Written notice (email is sufficient) is required a minimum of 45 days before the course start date. A refund will be issued minus a 15% (plus VAT) administration charge.
