System Verification
Menu

Security Testing

The course Security Testing aims to prepare you to be able to carry out targeted Security tests on a simple software.

Level Advanced
Price On request
Duration 2 day

The course Security Testing aims to prepare you to be able to carry out targeted Security tests on a simple software. The course covers both planning, risks, task prioritization and execution of Security Testing according to OWASP top-10. The course highlights the current external threats, demonstrates how a structured risk evaluation leads to clear priorities and dialogues with the customers and carefully examines the most common deficiencies in the web applications and discusses how the various available strategies work and can be implemented.

The course highlights various security related tools and web pages, such as SHODAN, Metasploit, Ip-Viking, Microsoft Threat Modelling Tool, WebGoat and Fiddler, but does not go into depth as you are expected to have prior knowledge of these tools. The focus is on how to introduce threat modelling, risk management, implementation of vulnerability analysis and reporting.

The course includes both theory and practice, to prepare the participants as much as possible for future assignments. During the two days theory and practice are continuously interspersed, with the results of each exercise being discussed.

WHO SHOULD ATTEND?

To participate in this course, you should have practical experience of testing. The course is aimed at employees who wish to gain a basic understanding of Security Testing, understand how a small Security Testing project looks like and try out the tools that are useful and effective in this type of project.

TAILORED, IN-HOUSE TRAINING

We also offer this course internally to companies. For prices and other information, contact Emil Sigvant on telephone +46 73 661 28 84 or by email.

Content

Security Testing

  • What is Security Testing?
  • What is the current worldwide status?
  • Why perform Security Testing?

Implementation process 

  • Start-up and planning
  • Interviews and other information gathering
  • Threat modelling
  • Vulnerability analysis and exploitation
  • Reporting and presentation
  • Action plan