Security Testing Boot Camp

	Download our Security Education Curriculum Guide

COURSE OUTLINE

This course is unique in the security industry. It is a follow on to the course How to Break Software Security. Instead of learning through just lecture and general hands on labs, this course walks the students through the security issues of the actual application that they are testing day in and day out.

The objective of the intense security testing boot camp will be to find actual security vulnerabilities during the security testing initiative. Over the course of the security testing bootcamp the students will transform from top quality assurance testers into leading security testers with passion, knowledge and experience security testing their application.

COURSE OVERVIEW

I.  Pre-Course Self Study and Nightly Assignments. 
Students will need to complete required reading and analyze how specific security issues correspond to their area of testing focus of the application.

II.  Security Briefings. 
Each morning will start with a briefing on the security issues specific to the application. Application-specific security testing issues are discussed every morning and then immediately implemented against the application and throughout the day-long deep security testing sessions.

III.  Application-specific Security Testing. 
Several days of intense hands-on security testing of the application is performed by the students. The class is broken into two-person teams who compete to find the most security defects by performing specific attacks on the sections of the product they typically perform QA testing.

IV.  Corporate Requirements. 
To achieve the required results, your company needs to provide access to a developer knowledgeable of the entire application, the complete threat model as well as details on past defects discovered in the application. This will enable a strategic attack plan to be created prior to the course that will be discussed and explained during the class.

Additionally, your company needs to make sure the students do all pre-course reading and all nightly assignments. This will be an intense several days of security education and testing that will push each student as they evolve from top quality assurance testers into lead security testers. Prizes should be provided to the students for each security defect discovered with special prizes to the top three teams based on the number and severity of the security bugs they find.