How to Break & FIX Software
New Rules - it's time to break and fix software!
This 5-day hands-on workshop introduces you to "How To Break and FIX Software," a 17-step methodology to effectively and efficiently test software. You will learn a very applied and non-rigid approach to test software for common bugs. It's a departure from conventional testing in which testers prepare a written test plan and then use it as a script when testing the software. The class teaches you how to plan tests "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding. This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the testing techniques and software tools using real software.
THIS CLASS ALSO in 5 day BOOTCAMP! $2,995
HOW TO BREAK & FIX SOFTWARE SECURITY
and HOW TO BREAK & FIX WEB SECURITY
and FUNDAMENTALS OF SECURE SOFTWARE PROGRAMMING
and SOFTWARE SECURITY TESTING BEST PRACTICES
Time: 7:45am - 5pm
Location: Click here to view the class schedule
Prerequisites: Understanding of TCP/IP protocols
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Learning Level: Basic Programmer - Intermediate Programmer
Who Should Attend: Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists,
In this class you will learn:
- A 17-step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to test Inputs and Outputs from the User Interface
- How to test Data and Computation from the User Interface
- How to test the File System Interface
- How to test the Software/OS Interface
- How to use Holodeck Lite to inject faults for File System and OS testing
What Is CWE?
Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:
- Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.
- Serve as a standard measuring stick for software security tools targeting these issues.
- Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.
Participants will also receive a copy of Dr. James Whittaker's How to Break Software: A Practical Guide to Testing (one copy per company), a reference book of published testing articles, course notes, checklists, and a CD containing Holodeck Lite (our fault injection software testing tool).
- Are you a Hacker or a Tester? Learn the difference
- Learn about the three characteristics of good testing
- Where are the bugs? Learn methods to seek the "hidden" ones
- Overview of Fault models
II. Understanding the Environment
- Learn the difference between the four interfaces to your application
- Why does each environmental interface need to be tested?
- Gain the knowledge regarding the environment so you can find more bugs
III. Software Capabilities
- Understand the four capabilities and how they affect you as a tester
- Learn how to seek the bugs that destroy the software's capabilities
IV. Software Testing
- Learn the two most important factors to ensure great testing
V. An Overview of the Methodology of How To Break Software
- What are the four basic capabilities of software?
- Learn how to determine which attacks apply to your application.
- Understand the secret to structuring your attacks into related scenarios.
- Learn how to conduct an attack and recognize success
a.) The User Interface (UI)
- What are the four areas within the UI that need to be tested?
- Learn how these areas interact and why they can be difficult to test
UI Areas 1 & 2 - The Input and Output Domains
- Understand the two domains and why they are so important to test
- Learn the six input domain attacks and how to apply them
- Learn how to test inputs individually and in combination
- Learn the four output domain attacks and how to apply them
- Learn the secret to concentrating on what incorrect results could occur and then find the inputs to force them
UI Area 3 - Stored Data
- Explore how stored data can become corrupted
- Learn how to successfully apply four stored data attacks
UI Area 4 - Computation
- Understand what computation is happening inside the program
- Learn four testing techniques that "get in the way" of the desired computation
b.) The Kernel Interface
- Learn how memory can cause applications to fail
- Learn how to effectively test the kernel through "controlled" testing
c.) The File System Interface
- Understand how the file system can cause applications to fail
- Learn and use two important attacks to evaluate the vulnerabilities in the file system interface
d.) The Software Interface
- Understand how reused software can cause applications to fail
- Learn and use two important methods to test the software interface