Security Testing
Isha presents an extensive and highly interactive “Security Testing” course, taught by our industry expert with 19 years of hands-on experience. Learn all the Security Testing concepts with hands-on practical examples. The course syllabus is designed around current job market trends and industry requirements.
About the Instructor:
Kiran is an ITIL qualified Full Stack SDET specialist, Corporate Trainer and Consultant with over 19 years of experience in leading & delivering corporate training with tangible direction to IT professionals by imparting white-box knowledge in Software Testing, Security Testing, Test Automation, Test Practices & Competencies, Corporate Trainings & TCoE Delivery.
We cannot be good at something unless we like it and have fun doing it. The approach I take in my training sessions is to get the participants excited about technology and make it entertaining. I would like to consider myself an “Entertrainer”.
- Successfully trained 6000+ employees across 500+ corporate giants & is still counting
- Has been a trainer for both in-house as well as public, corporate programs and has streamlined the development of training material and training process for QA related areas, across corporate clientele and contributing to bottom line customer satisfaction
Live Sessions Price:
For LIVE sessions – Offer price after discount is 149 USD 139 129 USD Or USD15000 INR 13000 INR 9900 Rupees.
Demo Session:
3rd October @ 8 PM – 9 PM (IST) (Indian Timings)
3rd October @ 10:30 AM – 11:30 AM (EST) (U.S Timings)
3rd October @ 3:30 PM – 4:30 PM (BST) (UK Timings)
Class Schedule:
For Participants in India: Monday to Friday 8 PM – 9 PM (IST)
For Participants in the US: Monday to Friday 10:30 AM – 11:30 AM (EST)
For Participants in the UK: Monday to Friday 3:30 PM – 4:30 PM (BST)
Prerequisites:
Good understanding of:
- Websites and web browser
- Client Server architecture
- REST APIs
- Basic knowledge of HTTP/HTTPS protocol
- Basic understanding of HTTP methods
- Basic understanding of functional testing
What students have to say about the trainer:
Easy to understand even difficult concepts, step by step explanation with real examples – Vick
Excellent explanation from basics with clear examples. – Shan
It is very good for learning and understanding in a simple and logical way. – Nick
I appreciate your expertise on teaching the subject with so much clarity and depth. Thank you for being such a wonderful coach and guide. – Latha
To the point explanation by instructor, real-time examples also shared. Learned a lot through this course. – Kamala
Thank you so much Kiran Sir for the wonderful explanation worth watching, and you always prove that anybody can learn anything from scratch, if trained by a good trainer like you. – Satish
What will I Learn by the end of this course?
- By the end of this course, you will become a Security Testing professional using these tools: Burp Suite, Vooki, Nmap
- LO1 Understand OWASP Top #10 vulnerabilities & missing server-side validations
- LO2 You will get complete knowledge on APIs security testing & Web applications security testing
Salient Features:
- 25 Hours of Live Training along with recorded videos
- Lifetime access to the recorded videos
- Course Completion Certificate
Who can enroll in this course?
- Security enthusiasts
- Security professionals intending to upskill for compliance based penetration testing
Course syllabus:
Chapter 1: Introduction to Web client & server, 3 Tier architecture and API Introduction/ Basics
- What is an API and the use of an API in an enterprise application along with API examples
- Introduction to data description formats wherever API calls are developed & consumed in an application
- Introduction to web application architecture
- Client & Server model
- HTTP & HTTPS protocols
- SSL & TLS protocols
- HTTP Request Headers
- HTTP Response Headers
- HTTP Methods/HTTP verbs
- Safe HTTP methods vs Unsafe HTTP methods
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS & HEAD
- Examples demonstration for HTTP request headers, HTTP response headers, HTTP response codes
- Practical example for demonstrating client & server architecture model
Chapter 2: Evolution of APIs, Types of APIs & Examples of REST & SOAP APIs
- Introduction to API Architecture/Web-Services
- SOAP API (Simple Object Access Protocol – Application Programming Interface) & WSDL
- REST API (Representational State Transfer – Application Programming Interface)
- Definition of an API Syntax –> Understanding HTTP Method, Protocol, API URI, End points, Query Parameters, Resources, Request body, Authentication type, Request Headers, Request Cookies
- Live examples available on public internet for RESTful APIs & SOAP APIs
Chapter 3: Server Side Security Testing & OWASP Top #10 Vulnerabilities
- What is Threat, Target, Security Testing, Vulnerability Assessment Testing, Penetration Testing
- Understanding OWASP and OWASP Top #10 vulnerabilities [HANDS-ON-EXERCISE]
  - Insecure communications
  - Insufficient TLS
  - Sensitive information disclosure
  - Using components with known vulnerabilities
  - Missing security headers
  - Open network ports detection
  - HTML injection
  - Cross site scripting (XSS)
  - Insecure direct object reference
  - SQL injection
  - Broken authentication
  - Broken access control [skip security questions during password reset]
  - JWT token abuse
  - Brute force attacks/DDoS attacks
  - Directory/file traversal attacks
  - Throttle testing/rate limiting testing
- How to scan the domain/host to discover the details below in the INFO GATHERING phase [HANDS-ON-EXERCISE]
  - Application technology details
  - Server hosting details
  - SSL/TLS versions
  - Open/closed ports
- Explore the tools below to aid in the INFORMATION GATHERING phase [HANDS-ON-EXERCISE]
  - OS detection using TTL
  - Wappalyzer, WhatRuns
  - Shodan
  - Security-headers-analyzer
Chapter 4: Port Scanning Using Nmap Tool [HANDS-ON-EXERCISE]
- What is Nmap [Network Mapper] tool
- What are network ports used for
- Executing commands to discover open, filtered & closed ports
Chapter 5: API & Web Application Security Testing [HANDS-ON-EXERCISE]
- Installation of API security testing tool
- Conducting vulnerability assessment testing on APIs
- Generating HTML test report using the tool
- Installation of Burp Suite tool
- Conducting vulnerability assessment testing on web applications
- Understanding & exploiting OWASP vulnerabilities
- Exploring Burp Suite features such as Intruder, Repeater, BApp Store, Encoder
Chapter 6: Security Testing of iOS & Android Apps [HANDS-ON-EXERCISE]
- Installation of mobile apps security testing tool
- Scanning the Android apk for vulnerabilities detection
- Identifying the linked URLs used in Android apk
- Conducting Full scan, Basic scan & Manual scan on the Android apk
- What is code obfuscation
- How to reverse engineer to get Android APK source code
- Conducting code obfuscation for Android apk files using tools
- Generating the security vulnerabilities test report for Android apk scan
Chapter 7: Finding Source Code OSS Vulnerabilities (Open Source Software) – SAST [HANDS-ON-EXERCISE]
- Conducting source code whitebox security testing
- Integration of tool with Github to fetch source code
- Understanding OWASP vulnerabilities at source code level
How can I enroll for this course?
For any other details, call or WhatsApp me on +91-8019952427
Course Features
- Lectures 0
- Quizzes 0
- Duration 25 hours
- Skill level All levels
- Language English
- Students 1856
- Assessments Yes