Security Testing for the Web and How to Automate it! (CSTP Elective) or (CTM Elective)

This tutorial covers the Elective area of the Test Management Body of Knowledge (TMBOK) required for the Certified Test Manager (CTM) certification. This tutorial also covers the Elective area of the Certified Software Test Professional requirements.

Concepts

Would you recognize a security vulnerability in your system or application if you saw it? Most testers and developers don't recognize security vulnerabilities when they see them, so it isn't surprising that most test groups don't perform any security-specific testing at all. Security testing is easy to add to your test strategy, and it's a good candidate for automation.

This seminar brings you up to speed on today's security realities and shows you just how insecure our Internet/Intranet systems are. You will find out what hackers are doing, and how they are doing it. The seminar shows testers what to test for and how to test it, so that their systems can withstand current attack strategies, and how to connect to ongoing information streams that will keep them on top of security vulnerabilities as they are discovered.

Outline
  • Introduction
    • The good news about security vulnerability
    • What’s at risk
    • Reporting
  • What to test for and how to test it
    • The 4 main security vulnerabilities and how to design tests for each
    • Buffer Overflow
    • Cross Site Scripting (XSS)
    • SQL Injections
    • Encoded strings
    • Other Security Issues
  • How to automate your security tests

Participants will learn:
  • How hackers break into our systems
  • What tests you need to perform to detect weaknesses in your Web server, database server, portals, and applications
  • How to automate these tests and use them for more than just security testing
  • How to report your results so that management understands the value of your effort
  • Where to find security resources, blogs, and newsletters that will help you stay informed about current security issues