Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Software Security Testing Best Practices

How do you find security flaws beyond simple ones like buffer overflows? Most current software security testing falls into one of two categories: random corruption of files or network protocols, and re-executing existing, known vulnerabilities against new versions of software.

This 5-day class brings you to the forefront of hacking code. Hackers find subtle and innovative flaws and exploit them, and you need a more regimented, more creative process to find those flaws before they do. Identify and root out harmful security defects in both commercial and internal software applications. Get the basics on how to conduct an application security threat assessment of your systems before or after they go live. Learn how to develop a comprehensive security test strategy and build a team with the right mix of skills and experience to execute it. Discover novel yet disciplined approaches for using fault injection to find application security vulnerabilities before your software is exposed to hackers.

Class Fee: $2,995
Time: 7:45am - 5pm
Location: Click here to view the class schedule
Learning Level: Intermediate
CPE Credits: 40
Prerequisites: Understanding of TCP/IP protocols

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail = <95% Attendance and <100% Completion of Labs and Practical

Learning Level: Programmer - Intermediate

Class Benefits.

Who Should Attend?

This is a must-have class for functional testers who need to make the transition to finding security bugs. It is also essential for test managers because it teaches the soup-to-nuts process of security testing and how this type of testing fits into the overall QA process. Additionally, software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Attendees will walk away with the skills and techniques to both build a solid security testing team and expose the most insidious application security vulnerabilities.

Class Outline

I. Introduction 

II. Methodology

III. In-Depth Look at Security Vulnerabilities

Note: This section of the course is organized so that each vulnerability type is analyzed in turn, including its cause, symptoms, prevention, and the testing techniques and tools used to find it in software.

1.) System-Level 

2.) Data Parsing

3.) Information Disclosure

4.) On the Wire 

5.) Web sites 

IV. Conclusion

*Class fees are subject to change
