
COURSE 3300 | 2-DAY SESSION
Hands-On How to Break Software Security
Course Outline
Hands-on labs will be conducted after each section.
Section 1: Overview of Application Security Testing
- Why security bugs are different from functional bugs in software
- How this distinction affects how you approach your testing efforts
- Understand why security bugs are usually missed during functional testing
- Recognize symptoms of insecure behavior so that they don’t elude your testing efforts
Chapter 1: The Four Classes of Security Vulnerability
- Understand the characteristics of a security bug and what distinguishes it from other bugs
- Learn the four basic classifications of security vulnerabilities
— User interface
— Operating-system kernel
— File system
— Software Systems
- Conduct attacks against all four classifications
Chapter 2: Assessing Risk
- Learn how to recognize the security threats to your application
- Simulate the mindset of an attacker
- Master the art of translating threats into malicious uses of your software
- Learn to master the cat and mouse game — recognizing potential security holes before attackers do
Chapter 3: An Overview of the Methodology of How to Break Software Security
- Determining which security attacks apply to your application
- Conducting attacks and recognizing whether or not you were successful at exploitation
Section 2: Attacking Your Application
Chapter 4: Attacking Dependencies
Dependencies give the application a lot of functionality, but they also riddle the application with vulnerabilities such as buffer overflows in managed code and race conditions.
- Learn advanced testing techniques
- Assess how your application responds (securely or insecurely)
- What happens when a dependency fails
- Understand how these resources can cause your application to behave insecurely
— Memory
— Network
— Files
— Registry
- Simulate dependency failures in your application’s environment using Fault Injection tools
Hands-On Lab:
Attack 1 – Block Access to Libraries
Chapter 5: Attacking through the User Interface
The application’s user interface is the most common place to find the vulnerabilities that are most commonly attacked, and we’ll discuss how to find them.
- Learn about:
— SQL injection
— Buffer overflows
— Escape characters
— Executable data
— And other dangerous vulnerabilities that can’t be missed
- Discuss the most common security vulnerability in software and how to test for it
- Learn techniques to expose security vulnerabilities in your software through the user interface
Hands-On Labs:
Attack 2 – Manipulate Registry
Attack 3 – File Corruption Lab
Attack 4 – Replace File the Application Uses Lab
Chapter 6: Attacking Design
Software design introduces many holes into your application because it is such a subjective process. Therefore, you must think differently about how the application was designed. You need to think like an attacker, which goes beyond what the software “does” and examines what functionality can manifest as security vulnerabilities at a later point, discovering functionality the application “shouldn’t” have.
- Learn seven testing techniques to expose vulnerabilities that can creep into an application at the design stage
- Understand why legacy code can create huge security holes
- Learn how inappropriate uses of temporary files and the registry can be manipulated to force insecure behavior
Hands-On Labs:
Attack 5 – Holodeck vs Joe’s eatmem.exe
Attack 6 – Buffer Overflows
Attack 7 – AUX bug Lab
Attack 8 – SQL injection
Chapter 7: Attacking Implementation
The implementation phase of the SDLC is where you are most likely to encounter security vulnerabilities, largely because each developer may not have the training or the vision to write secure code.
- Learn four techniques that can expose vulnerabilities due to implementation errors
- Learn how timing-related vulnerabilities work and how to expose them during testing
Hands-On Labs:
Attack 9 – Connection to All Ports Demo & Lab
Attack 10 – Fake the Source of Data
Attack 11 – Create Loop Conditions
Attack 12 – Exploring possible ways to accomplish the same task
Attack 13 – Forcing applications to use default values
Attack 14 – Finding and dealing with delay verification
Attack 15 – Removing application assumptions
Attack 16 – Removing sensitive information from error messages
Attack 17 – Temporary Files












