Software Security Testing Best Practices
How do you find security flaws beyond simple ones like buffer overflows? Most current software security testing falls into one of two categories: random corruption of files or network protocols, and re-executing existing, known vulnerabilities against new versions of software. In 72 hours you will learn how hackers find subtle and innovative flaws and exploit them; you need a more methodical, creative process to find those flaws before they do. Learn what it takes to do an application security threat assessment of your software before it goes live. You will develop a comprehensive security test strategy and build a team with the right mix of skills and experience to execute it. Discover approaches for using fault injection to find application security vulnerabilities before your software is exposed to hackers.
Class Fee: $3,990
Time: 72 hrs
Learning Level: Entry
Contact Hours: 40 hr 1 wk + 32 hr pre-study & 2 hr exam
Prerequisites: Understanding of TCP/IP protocols
Credits: 72 CPE / 3 CEU
Method of Delivery: Residential (100% face-to-face) or Hybrid
Instructor: TBD
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = attendance + labs & quizzes; Fail = less than 95% attendance
Sample Job Titles:
Analyst Programmer/Computer Programmer
Configuration Manager
Database Developer/Engineer/Architect
IA Engineer/IA Software Developer
IA Software Engineer/Research & Development Engineer
Secure Software Engineer/Security Engineer
Software Developer/Software Engineer/Architect
Systems Analyst/Web App Developer
This accelerated class is taught in a face-to-face or hybrid modality [veterans using Veterans Education benefits are excluded from the hybrid option and can only attend in the face-to-face modality]. The class includes 72 hours of contact studies, labs, reading assignments and a final exam; passing the final exam is a requirement for graduation.
Text Materials: SU class handbook, lab materials, SU resource CDs and attack handouts.
KU Outcomes
- Students will be able to produce software components that satisfy their functional requirements without introducing vulnerabilities
- Students will be able to describe the characteristics of secure programming.
Learning Objectives:
Learn how to plan a security testing effort and integrate security testing into your QA process
Learn about risk assessment, test prioritization and threat modeling
Acquire the skills to recognize and expose the most insidious security vulnerabilities in your applications
Discover tools, techniques and processes to make security an integral part of your release process and to create a security aware culture in your test team.
Learn the many categories of security bugs that may exist in your software and the secrets of application security testing
Machines: dual-core, 4M RAM, 350 GB drives, running MS Windows, Linux and VMware Workstation.
Tools for class: Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, SuperScan, Nessus, PsTools, Nbtstat, SolarWinds, SAINT, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap (system hacking), Wireshark sniffers, tcpdump, Dsniff, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, EtherApe, Firefox with plugins (HackBar, XSS Me, ...), WebGoat, IDA Pro, X Wget, CrypTool, curl, Fortify, Ounce.
Who Should Attend? This is a must-have class for functional testers who need to make the transition to finding security bugs. It is also essential for test managers because it teaches the soup-to-nuts process of security testing and how this type of testing fits into the overall QA process. It is additionally suited to developers, security auditors and anyone involved in software production. Attendees gain the skills and techniques to build a security testing team and expose the most insidious application security vulnerabilities.