Q/SSP® Qualified/ Software Security Penetration Testing

New Rules to Attack Software

This 5-day hands-on workshop introduces you to "How to penetrate your software," a step-by-step methodology to effectively and efficiently attack, break and FIX software. You will learn a very applied and non-rigid approach to testing software for common bugs. It's a departure from conventional network penetration in which programmers prepare a written attack plan and then use it as a script when attacking the software. The class teaches you how to plan attacks "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding.

This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the attacking techniques and software tools using real software.

THIS CLASS IS BEST taken in the 5 day SOFTWARE SECURITY BOOTCAMP! $2,995
HOW TO BREAK & FIX SOFTWARE SECURITY
and HOW TO BREAK & FIX WEB SECURITY
and FUNDAMENTALS OF SECURE SOFTWARE PROGRAMMING
and SOFTWARE SECURITY TESTING BEST PRACTICES
and HACKING SOFTWARE - ATTACKER TECHNIQUES EXPOSED

Class Fee: $2,995
Time: 7:45am - 5pm
Location: Click here to view the class schedule
Learning Level: Intermediate
CPE Credits: 40
Prerequisites: Understanding of TCP/IP protocols
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical

Learning Level: Programmer - Intermediate

We're here to help!
CALL NOW 877-357-7744

Who Should Attend

Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.

In this class you will learn:

  • A step by step methodology and models for effective software testing
  • A plan for on-the-fly testing
  • How to develop an insight to find those hard-to-find bugs
  • How to attack Inputs and Outputs from the User Interface
  • How to attack Data and Computation from the User Interface
  • How to attack the File System Interface
  • How to attack the Software/OS Interface
  • How to use Holodeck Lite to inject faults for File System and OS testing

Take-Home Bonus:

Participants will also receive a copy of Exploiting Software or a Practical Guide to Testing (one copy per company), a reference book of published testing articles, class notes, checklists, and a CD containing Holodeck Lite (a fault injection software testing tool).


Class Agenda:

I.  Introduction

  • Are you a Hacker or a Tester? Learn the difference
  • Learn about the three characteristics of good testing
  • Where are the bugs? Learn methods to seek the "hidden" ones
  • Overview of Fault models

II.  Understanding the Environment

  • Learn the difference between the four interfaces to your application
  • Why does each environmental interface need to be attacked?
  • Gain the knowledge regarding the environment so you can find more bugs

III.  Software Capabilities

  • Understand the four capabilities and how they affect you as a tester
  • Learn how to seek the bugs that destroy the software's capabilities

IV.  Software Testing

  • Learn the two most important factors to ensure great testing

V.  An Overview of the Methodology of How To Attack Software

  • What are the four basic capabilities of software?
  • Learn how to determine which attacks apply to your application.
  • Understand the secret to structuring your attacks into related scenarios.
  • Learn how to conduct an attack and recognize success

a.) The User Interface (UI)

  • What are the four areas within the UI that need to be tested?
  • Learn how these areas interact and why they can be difficult to test

UI Areas 1 & 2 - The Input and Output Domains

  • Understand the two domains and why they are so important to attack
  • Learn the six input domain attacks and how to apply them
  • Learn how to test inputs individually and in combination
  • Learn the four output domain attacks and how to apply them
  • Learn the secret to concentrating on what incorrect results could occur and then find the inputs to force them

UI Area 3 - Stored Data

  • Explore how stored data can become corrupted
  • Learn how to successfully apply four stored data attacks

UI Area 4 - Computation

  • Understand what computation is happening inside the program
  • Learn four testing techniques that "get in the way" of the desired computation

b.) The Kernel Interface

  • Learn how memory can cause applications to fail
  • Learn how to effectively test the kernel through "controlled" testing

c.) The File System Interface

  • Understand how the file system can cause applications to fail
  • Learn and use two important attacks to evaluate the vulnerabilities in the file system interface

d.) The Software Interface

  • Understand how reused software can cause applications to fail
  • Learn and use two important methods to test the software interface

*Class fees are subject to change

Copyright © 2017 Security University, Inc. All rights reserved.