Testing Web Application Security

PT0272
Training Summary
Testing Web Application security is not intuitive and to be effective you need to understand web application design, HTTP, JavaScript, browser behavior, and potentially other technologies such as AJAX, JSON and XML. The security testing challenge is often more acute due to poor or missing Security Requirements, as well as the fact that testing interval often does not account for security testing. This course provides the knowledge and skills Testers need to detect security vulnerabilities in web applications using a combination of manual and automated methods.
Prerequisites
Application Security and the SDLCA solid understanding of either Java and JSPs, OR C# .NET and ASPs, OR PHP
Duration
2 Days/Lecture & Lab
Audience
This course is designed for experienced QA staff who wish to enhance their skills with the techniques necessary to accurately and thoroughly assess the security of web applications.
Course Topics
  • Introduction
  • Survey of Vulnerabilities
  • Using a Web Proxy
  • Detecting XSS
  • Detecting SQL Injection
  • Detecting Command Injection
  • Detecting Other Vulnerabilities
  • Quiz Answers

Related Scheduled Courses

Certified in Risk and Information Systems Control Boot Camp (CRISC)
Almost GTR
Applying the NIST Risk Management Framework
C)ISRM Certified Information Systems Risk Manager
C)ITP: Certified Information Technology Principles