SI Secure


How to Break Software Security

View our "How to Break Software Security" Webcast or e-Learning demo

COURSE OVERVIEW

Learn how to recognize potential security holes before attackers do! This course is designed to give testers and developers the tools and techniques they need to help find security problems before their application is released. The course content is based on the first book to be published on the topic of application security testing: How to Break Software Security. This course will lay the foundation you need to effectively recognize and expose security flaws in software. It introduces a fault model to help testers conceptualize these types of bugs. The instructors will take you through a set of software attacks that have proven effective at exposing security bugs. You'll walk away with a full arsenal of software attacks to uncover security vulnerabilities in your software before hackers discover them for you. 

COURSE OUTLINE

I.  Introduction to Software Security
 
  • Learn why security bugs are different from functional bugs in software
  • Understand why security bugs are usually missed during functional testing
  • Learn to recognize symptoms of insecure behavior in your software
II.  The Four Classes of Security Vulnerabilities
 
  • Learn what a security bug really is
  • Learn the four basic classifications of security vulnerabilities
III.  Assessing Risk
  • Learn how to recognize the security threats to your application
  • Get into the mind of the attacker and master the art of translating threats into malicious uses of your software
  • Learn how to recognize potential security holes before attackers do
IV.  Overview of the "How to Break Software Security" Methodology
 
  • Learn how to determine which security attacks apply to your application
  • Learn how to quickly develop Hack Cases for each attack, tailored to your application
  • Learn how to conduct an attack and recognize success
V.  Attacking Dependencies
 
  • Discover 5 techniques for testing whether your application responds securely when a dependency fails
  • Learn how memory, network, files, registry and other resources can cause your application to behave insecurely
  • Learn how to simulate dependency failures in your application's environment using Fault Injection tools
VI.  Attacking through the User Interface
 
  • Learn about SQL injection, buffer overflows, escape characters, executable data and much more
  • Learn about the most common security vulnerability in software and how to test for it
  • Learn the 3 testing techniques to expose security vulnerabilities in your software through the user interface
VII.  Attacking Design
 
  • Learn 7 testing techniques to expose vulnerabilities that can creep into an application at the design stage
  • Understand why legacy code can create huge security holes
  • Learn how inappropriate uses of temporary files and the registry can be manipulated to force insecure behavior
VIII.  Attacking Implementation
 
  • Learn 4 techniques that can be used to expose vulnerabilities that exist because of implementation errors
  • Recognize error messages that reveal sensitive information
  • Learn how timing-related vulnerabilities work and how to expose them during testing

For more information please contact Sales at +1.978.694.1008 x24 or email
