Course Outline
Introduction
Overview of Web Security Testing Guide
- The OWASP Testing Project
- Tailoring and prioritizing for organizations
- Testing principles and techniques
- Security testing objectives and requirements
Exploring Various Testing Techniques
- Manual inspections and reviews
- Threat modeling
- Source code review
- Penetration testing
- Security test integration and data analysis
Understanding the OWASP Testing Framework
- Activities from development to deployment
- Maintenance and operations
- Lifecycle end-to-end testing framework and workflow
- Penetration testing methodologies
Performing Web Application Security Testing
- Information gathering
- Configuration and deployment management testing
- Identity management testing
- Authentication and authorization testing
- Session management testing
- Input validation testing
- Testing for error handling
- Testing for weak cryptography
- Business logic testing
- Client-side testing
- API testing
Reporting the Testing Assessment and Results
- Introduction section
- Executive summary
- Findings section
- Appendices
Getting Involved in the Web Security Testing Guide
- Referencing and linking WSTG scenarios
- Code of conduct
- Contribution guide
- Feature requests and feedback
Summary and Conclusion
Requirements
- A general understanding of web development lifecycle
- Experience in web application development, security, and testing
Audience
- Developers
- Engineers
- Architects
Testimonials (5)
Sangat ramah, kami dapat berbicara sesuka kami, semuanya berjalan dengan baik.
Axel - Université Libre de Bruxelles
Course - Advanced TypeScript
Machine Translated
You can really tell that Piotr is an expert on pen testing, he really showed skills and knowledge.
Ruben - Waterford Chamber Skillnet
Course - OWASP Top 10
Well planned. Without much foundation, I didn't get lost and I knew where I was. Issues from general to specific provide the basis for further work in your own field.
Andrzej - TENSOFT Sp. z o.o.
Course - Design Patterns in PHP
Machine Translated
having a one to one session with Raymond was amazing he was really great and attentive to all my training needs.
Joshua
Course - Secure Developer .NET (Inc OWASP)
Lihat implementasi aktivitas secara real-time menggunakan contoh alat investigasi/cracking aplikasi.
Paweł - Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy
Machine Translated