Introduction to Security Testing
Information Security Background
CIAA++
Understanding Software Application Risk
The Software Security Problem
Understanding Risk
Threat Modeling
Architecture Risk Analysis
Risk Assessment Exercise
Prioritizing Security Assurance
Application Security Testing Approaches
Types of App Security Testing
Discovery & Reconnaissance Analysis
Vulnerability Scanning
Security Assessments
Red Teaming
Security & Compliance Audit
How They Are Similar
How They Are Different
Reconnaissance and Scanning Demos
Security Requirements
Functional Security Requirements
Non-Functional Security Requirements
Addressing Conflicts
Identifying Security Requirements
Security Requirements Exercise
Use and Abuse Cases
Security Testing to Thwart Attacks
Security Testing Authentication
Attacks Against Authentication
Session IDs and Cookies
Authentication Testing
Race Conditions
Session Management
Replay Attacks
Cross-Site Request Forgery (CSRF)
Testing Authentication Exercise
Security Testing Authorization / Access Control
Testing Access Control
Security Testing Authorization Exercise
Security Testing Input Fields
Input Validation
Data Validation
Common Attacks
Security Testing Input Fields Exercise
Database Testing for Security
Security Testing for Data Storage
Security Testing Databases Exercise
Security Testing Code and Resources
Integrating Security into Your Testing Process
Security in an Agile World
Security in a Waterfall World
Developing a Security Test Plan
Tools to Support Security Testing
Security Tools in a DevOps Process
Exploiting Vulnerabilities Exercise
Wrap Up