Course:

Security for Software Testers

Testing is a key part of the development life-cycle, from checking that your functional requirements actually work to constraining development to keep code focused and concise (TDD). Security testing, however, is often not conducted inside our life-cycle. We often wait until development is completed and ask third-party penetration testing firms to find our issues for us.

This is a particularly bad idea in fast-paced development teams.

Bugs are often missed or are found too late to remediate. The cost of remediation escalates, and our systems become tightly coupled and increasingly fragile as a result.

Why would we want to finish engineering before finding fundamental security issues? Shouldn't we try to find these as early and often as possible? Shouldn't we take every opportunity to identify security flaws in our applications?

SafeStack helps teams weave security testing into their own testing lifecycle and tool chains without compromising agility or innovation.

 
 

Syllabus

This course is aligned with the Open Web Application Security Project (OWASP) Top 10 application security vulnerabilities. These include:

  • Injection

  • Broken Authentication and Session Management

  • Cross-Site Scripting (XSS)

  • Insecure Direct Object References

  • Sensitive Data Exposure

  • Missing Function Level Access Control

  • Cross-Site Request Forgery (CSRF)

In addition to these vulnerabilities, students will gain a solid grounding in how to bring security into their testing tool-sets and working practices. This includes:

  • Security test cases, stories and what to test

  • Manual security testing key skills (parameter tampering, proxying and other basics)

  • Introduction to security testing frameworks

  • Automated security testing

  • Introduction to vulnerability scanning

  • Automated vulnerability scanning as part of development tool chains

This course is designed to be hands-on and interactive. Lecture material is combined with a range of custom-built labs and exercises to test students and let them experiment with security in action.

Individual or small team?

Larger team (6 or more)

Duration

2 days (08:30 - 16:30)

Level

Foundation

Suitable for roles

Software Testers

Price per person

$1200 (excluding GST)