Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Security Testing for the Enterprise and the Web

(Duration: 3 Days)

This Security Testing for the Enterprise and the Web training course is designed to provide a foundation for cyber security testing. You will learn the terminology, the unique issues, and the process for testing security in web and enterprise applications. You will understand security issues and have an increased comfort level in testing the security of web-based and enterprise applications. You will learn the details of how attackers break into systems and how to design tests to validate that security is adequate to prevent such attacks. You will also have an understanding of how hackers and crackers think.

The information that your company obtains and stores is perhaps its most valuable corporate asset. Learn how to protect it and make sure protection measures are working in this course. This course will help you become more comfortable and confident in dealing with security testing issues. You will emerge from this course knowing how to develop a security testing strategy and security test plan.

By attending the Security Testing for the Enterprise and the Web workshop, delegates will learn to:

  • Protect the most valuable corporate asset: data
  • Understand how attackers think
  • Become familiar with networking and application technology in order to define effective security tests
  • Understand which risks are associated with security issues and how they can affect test planning and execution
  • Know which tools can be used in security testing

Prerequisites:

  • Basic IT and testing knowledge or experience

The Security Testing for the Enterprise and the Web class is ideal for:

  • QA Managers
  • Test managers
  • Test analysts
  • Testers
  • End users
  • Web developers
  • General managers who are responsible for making IT security decisions in their organizations
  • IT auditors and internal auditors

COURSE AGENDA

1. Introduction to Computer Security

  • What is Security Testing?
  • Is Security Testing Possible?
  • The Risks
  • The Benefits
  • The Threats
  • Who is at Risk?

2. Understanding the Attackers

  • Who are the Hackers and Crackers?
  • How do the Hackers and Crackers Think?
  • What tools do they Use?
  • Where do they Meet?
  • How do they Work?
  • The Five Phases of a Security Attack

3. Understanding the Technology

  • Networking Basics
  • Firewalls
  • Data Layers and Physical Layers
  • Ethernet
  • ARP Query and Response
  • Hubs and Switches
  • How Sniffers Intercept Packets
  • Network Security Solutions
  • Operating Systems
  • UNIX
  • Windows
  • Where to Check for Security Updates

4. Security Protocols and Techniques

  • Transaction Security Essentials
  • Encryption Basics
    • How Public Key Encryption Works
    • Data Encryption System (DES)
    • File Encryption
  • VPNs
  • Digital Certificates
  • Certification Authorities
  • Digital Signatures
  • SSL
  • Cookies

5. Internet Privacy and Information Privacy

  • Is There Such a Thing as "Internet Privacy?"
  • Privacy Threats
  • Privacy Remedies
  • Information Privacy Concerns - How Crooks Steal and Exploit Sensitive Corporate Information
  • Corporate Espionage
  • Protecting Private Information in Internal Systems
  • Verifying and Validating the Protection of Sensitive Information

6. A Process for Security Testing

  • Determine Test Strategy and Tools
  • Perform Security Assessment
  • Develop Security Policy
  • Identify Security Risks: Functional & Structural
  • Script Functions To Be Security Tested
  • Design Automated Security Tests
  • Perform Test And Report Results

7. How to Develop a Security Testing Strategy

  • How Testing Fits into an Enterprise Security Process
  • Questions for Determining a Security Test Strategy

8. How to Perform a Security Assessment

  • Defining the Scope of the Assessment
  • Identifying the Risks
  • Assessing and Prioritizing the Risks
  • Reporting the Findings
  • Mitigating the Risks

9. Writing a Security Test Plan

  • Defining a Security Test Plan Standard
  • Defining the Scope of Test Planning
  • Defining Who Will Perform Testing
  • Assemble Test Planning Information as Defined in the Standard
  • Reviewing the Plan
  • Approving the Plan
  • A Sample Security Test Plan
  • A Security Test Plan Checklist

10. Testing External Network Attacks

  • External attacks
    • Password Cracking Techniques
  • Network attacks
    • Network Mapping
    • Network Scanning
    • Intrusion Detection System Evasion
    • Data Packet Fragmentation
  • Web-based Application Attacks
    • Application Scanning Tools

11. Testing for Language-based Vulnerabilities

  • Script Kiddies and Pros
  • Application-based attacks
    • Stack-based Buffer Overflow Attacks
    • NOP Sleds
  • Developer Defenses
  • Tests Against Application Vulnerabilities

12. Testing for Backdoors and Trojan Horses

  • Backdoors and Trojan Horses Defined
  • How Backdoors and Trojan Horses are Placed on Systems
  • Traditional Rootkits
  • Kernel-level Rootkits

13. Testing Denial-of-Service Attacks

  • Locally Stopping Services
  • Defenses for Local Stopping of Service
  • Tests for Local Stopping of Service
  • Remotely Stopping Services
  • Defenses for Remotely Stopping Services
  • Tests for Remotely Stopping Services
  • Remotely Exhausting Services
  • Distributed Denial of Service Attacks (DDoS)
    • SYN Flood Attacks
    • Smurf Attacks
  • DDoS Defenses
  • DDoS Tests

14. Testing Virus and Password Attacks

  • The Nature of Virus Attacks
  • Virus Facts
  • A Case in Point - The "I Love You" Virus
  • The Virus Life Cycle
  • Virus Types
  • Virus Defenses
  • Sources of Virus Information
  • Tests for Virus Protection
  • Password Attacks
  • Password Cracking Tools
  • Password Defenses
  • Password Protection
  • Virus Checklist

15. Testing Web Application Attacks

  • Account Harvesting
  • Session Hijacking
  • Cookie Cracks
  • Session Tracking
  • SQL Piggybacking
  • URL Redirection

16. Performing Security Tests

  • Establishing the Test Environment
  • Penetration Testing
  • Encryption
  • Authorization
  • Language-based Tests (C++ vs. Java)
  • Testing COTS-based Applications
  • Regression Testing
  • Reviewing Logs and Alerts

17. Reporting the Results of Security Testing

  • Developing a Security Test Report Standard
  • A Sample Security Test Report

18. Security Testing Tools

  • Scanners
  • Packet Building
  • Load and Stress Testing
  • Sniffers
  • Password Crackers
  • Virus Scanners
  • Information Querying
  • Intrusion Detection
  • Network Monitoring

19. How to Write a Security Response and Recovery Plan

  • Developing a Security Response and Recovery Plan Standard
  • A Sample Security Response and Recovery Plan

20. Protecting Intellectual Property in the Digital Age

  • The Problem
  • The Issues
  • Means of IP Protection
  • The Threat
  • The Outlook

21. Developing an Action Plan for Security

  • Identifying Your Greatest Needs
  • Developing an Action Plan

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 6,000 courses on a variety of subjects
  • All courses are delivered by industry veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 corporate executives across the globe
  • All our training is conducted in workshop mode, with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
