Course Outline
Introduction
Overview of Web Security Testing Guide
- The OWASP Testing Project
- Tailoring and prioritizing for organizations
- Testing principles and techniques
- Security testing objectives and requirements
Exploring Various Testing Techniques
- Manual inspections and reviews
- Threat modeling
- Source code review
- Penetration testing
- Security test integration and data analysis
Understanding the OWASP Testing Framework
- Activities from development to deployment
- Maintenance and operations
- Lifecycle end-to-end testing framework and workflow
- Penetration testing methodologies
Performing Web Application Security Testing
- Information gathering
- Configuration and deployment management testing
- Identity management testing
- Authentication and authorization testing
- Session management testing
- Input validation testing
- Testing for error handling
- Testing for weak cryptography
- Business logic testing
- Client-side testing
- API testing
Reporting the Testing Assessment and Results
- Introduction section
- Executive summary
- Findings section
- Appendices
Getting Involved in the Web Security Testing Guide
- Referencing and linking WSTG scenarios
- Code of conduct
- Contribution guide
- Feature requests and feedback
Summary and Conclusion
Requirements
- A general understanding of the web development lifecycle
- Experience in web application development, security, and testing
Audience
- Developers
- Engineers
- Architects
Testimonials (10)
Very friendly, we could talk as we wanted, everything went well.
Axel - Université Libre de Bruxelles
Course - Advanced TypeScript
Machine Translated
You can really tell that Piotr is an expert on pen testing; he really showed skills and knowledge.
Ruben - Waterford Chamber Skillnet
Course - OWASP Top 10
Well planned. Without much foundation, I didn't get lost and I knew where I was. Issues from general to specific provide the basis for further work in your own field.
Andrzej - TENSOFT Sp. z o.o.
Course - Design Patterns in PHP
Machine Translated
The trainer gives more samples, which really helps a lot.
Romulo - Tribal Software Philippines, Inc.
Course - Advanced TypeScript
Having a one-to-one session with Raymond was amazing; he was really great and attentive to all my training needs.
Joshua
Course - Secure Developer .NET (Inc OWASP)
The high level of instructor knowledge meant that we got a very good insight into the topics covered.
Dafydd - TATA Steel
Course - Secure Developer .NET (Inc OWASP)
See live real-time implementation of activities using sample application investigation/cracking tools.
Paweł - Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy
Machine Translated
Complex approach to the topic in connection to the practical examples, all this together with the trainer's energy and his huge experience.
Ihor - Ośrodek Przetwarzania Informacji – Państwowy Instytut Badawczy
Course - Web Security with the OWASP Testing Framework
Comprehensive look at all topics. A lot of teaching by example and a great repository of knowledge Mike left built with us.
Wojciech Kochmański - 3LP SA
Course - Front-End Development from Basic to Advanced
Knowledge level of the trainer.