QA Security Training

Training for QA Security Testing

Whether your organisation has experienced manual software testers, or makes heavy use of automated testing, it is highly probable that 70-90% of the tests performed during a standard web application assessment could be done by a manual in-house team, or automated. This can represent a significant cost-saving, both on external expertise, and early tracking and remediation of vulnerabilities.

Our course lays bare the secrets of web application hacking, giving internal teams access to the same tools and techniques used by our assessment team. This includes:

• Negative Testing and Security
• Simple auditing of security settings
• How to recognise a security flaw
• Using automated tools to check application functions for common coding flaws
• Using interactive tools to check application logic for common logic flaws
• An introduction to penetration testing

Within the course:

• Learn to use Burp Suite
• Test Security Non Functional Requirements from a check-list
• Follow self-paced material and end-of-module assessments within any SCORM-compliant LMS
• Practice against hundreds of examples, with solution videos
• Learn either self-paced, or through an instructor-led session

Course Contents

In order to minimise the impact on development teams, we typically offer our course as a 2-day course, and offer condensed versions including:

• A 1-day course, covering the OWASP Top Ten
• A 2-day course, covering topics as described in the image below
• A 3-day course, covering topics described below, but also providing a foundation for core concepts such as HTTP, HTML, JavaScript and instructor-aided walkthroughs of all of Burp Suite’s features.

A typical course outline incorporates the OWASP Top 10 (2013 Edition) at its core, and makes heavy use of Burp Suite.

Related services include:

• Application Security
• Code Review
• Secure Web Development Training
• WAHH Training