2 Days | cybersecurity testing

This is a practical course designed to provide a foundation for security testing. You will learn the terminology, the unique issues, and the process for testing security in web and enterprise applications. As a result of attending this seminar, you should be able to understand security issues and have an increased comfort level in testing the security of web-based and enterprise applications.

This is an ideal course for test team managers and leaders who need to understand security testing and how to integrate security testing into existing software testing activities. This is also a foundational course for people seeking further training in security testing, such as the ISTQB Advanced Level Security Tester certification. (This course does not lead to certification and is not a prerequisite for the ISTQB Advanced Level Security Tester certification.)

Foundational Security Testing Methods will help you become more comfortable and confident in dealing with security testing issues. You will emerge from this two-day session knowing how to develop a security testing strategy and security test plan. You will learn the details of how attackers break into systems and how to design tests to validate that security is adequate to prevent such attacks. You will also have an understanding of how hackers and attackers think.

The information that your company obtains and stores is perhaps its most valuable corporate asset. Learn how to protect it and make sure protection measures are working in this course.

Return on Investment

Who Will Benefit

The program requires basic IT and testing knowledge or experience.

Program Information

This course is presented on an in-house basis only unless offered as a live virtual course.

To register for the live virtual course: https://www.mysoftwaretesting.com/Foundational_Security_Test_Methods_p/fstmvirt.htm

Topics

Module SECA - Introduction to Computer Security (45 Mins.)

This is an introduction to basic concepts of information security in a variety of environments, including web-based and internal corporate systems. Security will be examined in the light of risks, benefits and threats.

Module SECB - Understanding the Attackers (1 Hr.)

By understanding how computer crooks think, security professionals and testers can leverage that information to effectively audit and test systems.


Module SECD - Security Protocols and Techniques  (1 Hr.)

There are a variety of security protocols and techniques that are commonly in use. This module examines those techniques and how they work.

Module SECE - Internet Privacy and Information Privacy (45 mins.)

There is considerable debate as to whether there is such a thing as privacy in the digital age. Even with an assumed level of lack of privacy, there are still significant privacy concerns that individuals and organizations need to be aware of. Lack of attention to privacy concerns can hurt a company's online business or can cause an individual personal losses.


Module SECF - A Process for Security Testing (1 Hr.)

This module presents a process for planning, conducting and evaluating security testing.

Module SECG - How to Develop a Security Testing Strategy (1 Hr.)

Like other forms of testing, the test strategy is an effective way to define the test objectives, the scope of testing, and the attributes that make testing a particular system or web site unique.

Module SECI - Writing a Security Test Plan (1 Hr.)

This module describes how to customize your own security test plan standard and how to use that standard in developing security test plans.


Module SECJ - Understanding Security Attacks and Developing Security Test Cases (3 Hrs.)

It's difficult to test anything until you understand it. This module provides extensive coverage of some of the most popular and destructive network-based attacks, how they are performed, how they can be prevented, and how you can test to assure that the prevention measures have been adequately applied. Topics include:

Module SECK - Performing Security Tests (1 Hr.)

Performing security testing can be a difficult and risky effort. This module discusses things to consider in establishing the test environment, communicating the performance of the test, how to view the test results and how to stay out of trouble in performing the test.

Module SECL - Reporting the Results of Security Testing (1 Hr.)

This module presents a standard for security test reporting and a sample security test report.

Module SECM - Security Testing Tools (45 mins.)

There are a variety of tools that can be used to detect network vulnerabilities, excessive load levels and other attacker exploits.

Module SECL - How to Write a Security Response and Recovery Plan (30 min.)

You've done all you can to prevent an attack, but how will your organization respond to a new type of attack? How will you know the security response plan works? This module presents a standard for a security response and recovery plan. A sample security response and recovery plan will be reviewed and its applicability determined in light of a case study.

Module SECN - Developing an Action Plan for Security (30 mins)

In this module, you will develop an action plan for yourself and your organization to address security testing.