Q/SSP® Qualified/ Software Security Penetration Testing
New Rules to Attack Software
This 5-day hands-on workshop introduces you to "How to penetrate your software," a step-by-step methodology to effectively and efficiently attack software, break and FIX software. You will learn a very applied and non-rigid approach to testing software for common bugs. It's a departure from conventional network penetration in which programmers prepare a written attack plan and then use it as a script when attacking the software. The class teaches you how to plan attacks "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding. This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the attacking techniques and software tools using real software.
THIS CLASS IS BEST taken in the 5-day SOFTWARE SECURITY BOOTCAMP! $2,995
HOW TO BREAK & FIX SOFTWARE SECURITY
and HOW TO BREAK & FIX WEB SECURITY
and FUNDAMENTALS OF SECURE SOFTWARE PROGRAMMING
and SOFTWARE SECURITY TESTING BEST PRACTICES
and HACKING SOFTWARE - ATTACKER TECHNIQUES EXPOSED
Class Fee: $2,995
Time: 7:45am - 5pm
Location: Click here to view the class schedule
Learning Level: Intermediate
CPE Credits: 40
Prerequisites: Understanding of TCP/IP protocols
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Learning Level: Programmer - Intermediate
Who Should Attend: Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists
In this class you will learn:
- A step by step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to attack Inputs and Outputs from the User Interface
- How to attack Data and Computation from the User Interface
- How to attack the File System Interface
- How to attack the Software/OS Interface
- How to use Holodeck Lite to inject faults for File System and OS testing
Participants will also receive a copy of Exploiting Software or a Practical Guide to Testing (one copy per company), a reference book of published testing articles, class notes, checklists, and a CD containing Holodeck Lite (a fault injection software testing tool).
Class Agenda:
I. Introduction
- Are you a Hacker or a Tester? Learn the difference
- Learn about the three characteristics of good testing
- Where are the bugs? Learn methods to seek the "hidden" ones
- Overview of Fault models
II. Understanding the Environment
- Learn the difference between the four interfaces to your application
- Why does each environmental interface need to be attacked?
- Gain the knowledge regarding the environment so you can find more bugs
III. Software Capabilities
- Understand the four capabilities and how they affect you as a tester
- Learn how to seek the bugs that destroy the software's capabilities
IV. Software Testing
- Learn the two most important factors to ensure great testing
V. An Overview of the Methodology of How To Attack Software
- What are the four basic capabilities of software?
- Learn how to determine which attacks apply to your application.
- Understand the secret to structuring your attacks into related scenarios.
- Learn how to conduct an attack and recognize success
a.) The User Interface (UI)
- What are the four areas within the UI that need to be tested?
- Learn how these areas interact and why they can be difficult to test
UI Areas 1 & 2 - The Input and Output Domains
- Understand the two domains and why they are so important to attack
- Learn the six input domain attacks and how to apply them
- Learn how to test inputs individually and in combination
- Learn the four output domain attacks and how to apply them
- Learn the secret to concentrating on what incorrect results could occur and then find the inputs to force them
UI Area 3 - Stored Data
- Explore how stored data can become corrupted
- Learn how to successfully apply four stored data attacks
UI Area 4 - Computation
- Understand what computation is happening inside the program
- Learn four testing techniques that "get in the way" of the desired computation
b.) The Kernel Interface
- Learn how memory can cause applications to fail
- Learn how to effectively test the kernel through "controlled" testing
c.) The File System Interface
- Understand how the file system can cause applications to fail
- Learn and use two important attacks to evaluate the vulnerabilities in the file system interface
d.) The Software Interface
- Understand how reused software can cause applications to fail
- Learn and use two important methods to test the software interface