Course Outline
Introduction
Overview of Web Security Testing Guide
- The OWASP Testing Project.
- Tailoring and prioritizing for organizations.
- Testing principles and techniques.
- Security testing objectives and requirements.
Exploring Various Testing Techniques
- Manual inspections and reviews.
- Threat modeling.
- Source code review.
- Penetration testing.
- Security test integration and data analysis.
Understanding the OWASP Testing Framework
- Activities from development to deployment.
- Maintenance and operations.
- Lifecycle end-to-end testing framework and workflow.
- Penetration testing methodologies.
Performing Web Application Security Testing
- Information gathering.
- Configuration and deployment management testing.
- Identity management testing.
- Authentication and authorization testing.
- Session management testing.
- Input validation testing.
- Testing for error handling.
- Testing for weak cryptography.
- Business logic testing.
- Client-side testing.
- API testing.
Reporting the Testing Assessment and Results
- Introduction section.
- Executive summary.
- Findings section.
- Appendices.
Getting Involved in the Web Security Testing Guide
- Referencing and linking WSTG scenarios.
- Code of conduct.
- Contribution guide.
- Feature requests and feedback.
Summary and Conclusion
Requirements
- A general understanding of the web development lifecycle.
- Experience in web application development, security, and testing.
Audience
- Developers.
- Engineers.
- Architects.
Testimonials (1)
The pace adopted was intense, particularly due to the alternation between lectures and practical exercises. A lot of topics were covered in three days, with the opportunity to delve deeper into each theme thanks to labs and numerous resources provided by the trainer, who remained available to assist. The pedagogical approach was also very pleasant, both informal and rich, and demonstrated the trainer's mastery of the subjects covered.
Alexandre DURAND - ITS Group
Course - OWASP Web Security Testing Guide
Machine Translated
