Introduction :

Over recent times there have been a number of highly public attacks on well-known corporations via their web applications. While many companies focus intensely on security of their networks, through facilities such as firewalls and encryption technology, they often leave their deployed web application quite vulnerable to attack through their choice of architecture, design and implementation. Frequently web applications are prone to simple exploits which could be easily prevented through better input validation


Course Prerequisites :

This course assumes an understanding of Web applications vulnerabilities. SANS SEC519/SEC419 course (Web Application Security Workshop) or equivalent is highly recommended.


Intended Audience :

This course is appropriate for testing, QA, and software development practitioners who are responsible for developing and executing test strategies and plans for functional and non-functional security requirements. This course requires an ability to understand security risk patterns used by attackers. Participants should be comfortable reviewing code as part of their testing activities.


Course Objectives :

After taking course u should be able to :

This course provides an overview of testing concerns relating to security of web applications. The course covers a number of facets of web security, including :

    •    Planning security testing
    •    Risk avoidance and containment
    •    Network and system security
    •    Server-side application vulnerabilities and test techniques
    •    Client-side application vulnerabilities and test techniques


Course outline :

    •    Introduction
             •    What is computer Security?
             •    Test types and their effect on application security
    •    Computer Security Concepts
    •    Test strategy and planning
    •    Test design for application security testing
    •    A survey of testing tools (IBM Watch-fire and HP Web Inspect) and resources