Security Testing Training

Services  /  Trainings  /  Security Testing Training Workshop

Security for Testers and Developers

Web applications grow in complexity every day and it is extremely difficult to manage them from a security perspective. No system is bulletproof, but there are measures that, if implemented, can save companies millions from online frauds. This course helps students to understand the problems associated with web applications and the techniques used to address them.

Training description

The training takes the form of a workshop with hands-on security test of a deliberately insecure application. We will start the day building a threat model that highlights the areas we need to protect, enumerating threats that we care about. From here we will start to plan and execute security tests to explore these threats. As we look at different risks, we will cover the appropriate practical techniques and theory, and then apply these to the application. As we find vulnerabilities we will examine each vulnerability from a technical angle and its associated risk along with the best remediation approach.

What will you learn

The course will introduce you to the industry standards and best practices, at the same time teaching you how to focus on the methodology. Students will also have a major understanding of:

  how to effectively test software from a security perspective
  how to build secure software considering industry-best practices
  how web applications are developed and tested with security in mind
  how to use security requirements to plan testing efforts.
  how to explore key aspects of security testing, risk assessment, web security or threat modelling.
  understand OWASP Top 10 list of vulnerabilities

Target audience

This security training course is addressed to all companies that have a software development department, in particular to testing and software development professionals who want to include security in the software development life cycle.

Course Outline

Based on the OWASP Top 10 and OWASP Testing Project, with practical examples, participants will learn how these threads are exploited and how to protect against cybercriminals. Our course is split into 10 lectures and ends up with a quiz where participants can evaluate their newly acquired skills.

Lecture 1
Introduction and General security testing concepts (Application layer)
Lecture 2
Industry standards and best practices
Lecture 3
Security test tool introduction and setup
Lecture 4
Information gathering
Lecture 5
Identity Management Testing
Lecture 6
Authentication and Authorization Testing
Lecture 7
Session Management Testing
Lecture 8
Data Validation and Client Side Testing
Lecture 9
Business Logic Testing
Lecture 10
Reporting based on industry standards
Application security testing skills testing through written quiz


Course requires a laptop with the following minimum hardware requirements:

  2 GHz CPU or higher, 4 GB RAM or higher, 30 GB free hard disk space, Ethernet adapter.
  Administrator rights.

Participants must have a background in software testing and a basic understanding of the Linux command line.