
Learn how security testing, a non-functional software test, identifies vulnerabilities and security loopholes in an application, safeguarding login functionality and information before release.
Explore why security testing matters by reviewing real-world data breaches and hacks, and learn how protecting passwords, records, and biometric data safeguards reputation, trust, and business value.
Learn the basics of Http methods, including get, post, put, delete, head, options, connect, and trace, and identify which are safe or dangerous for security testing.
Understand why http is stateless and how each request uses a new connection, while session IDs and cookies maintain login state across actions.
Compare SSL and TLS certificates, explain http vs https, and emphasize that SSL is deprecated while TLS remains in use. Favor migration toward TLS 1.3 for improved security and performance.
Explore authentication versus authorization in security testing basics, learning how user identity with valid credentials grants login, while permissions govern access to resources.
Practice security testing using a demo application you can access with admin/admin credentials, exploring login, account summary, and transfer funds to identify web vulnerabilities.
Explore OWASP top ten vulnerabilities, including injection, broken authentication, sensitive data exposure, XML external entities, and broken access control. Learn via practical examples and updated lists every 3–4 years.
Understand injection vulnerabilities from untrusted input processed by a software interpreter, leading to data theft or system compromise. Learn types, especially sql and cross-site scripting, and why input validation matters.
Learn how to install and launch Burp Suite Community Edition, including installing Java, downloading Burp Suite, and running a temporary project with Burp defaults for web application security testing.
Configure Burp Suite as a proxy for Chrome by setting the computer proxy to 127.0.0.1 and a port, then enable intercept in Burp Suite.
In this course, I have covered all the Security Testing that are required for Beginners to get started with.
If you are a beginner or fresher or new to Security Testing, and want to figure out whether this Security Testing field is for you or not, then this course is for you. This is an overview course, where by the end of this course, you can find out whether Security Testing is for you or not, its opportunities, basic knowledge and guidance required for moving into Security Testing field from Software Testing field.
The below are the different basic topics that are covered in this course:
What is Security Testing?
Importance of Security Testing with Examples
Future (Jobs, Skill Shortage, Demand, unemployment rate, Pay scale and Career Advice)
Security Testing versus Vulnerability Assessment versus Penetration Testing
Security Testing Versus Hacking
Don't end up in Jail
Manual Security Testing Versus Security Testing Tools
CIA Triad - Basic High Level Objectives of Security Testing
Security Testing - Vulnerability versus Threat versus Risk
Security Testing (Basics) - HTTP Methods
Security Testing (Basics) - HTTP Status Codes
Security Testing (Basics) - Cookie
Security Testing (Basics) - Cookie versus Session ID versus Session
Security Testing (Basics) - Cryptography and different Techniques
Security Testing (Basics) - Symmetric Key Encryption
Security Testing (Basics) - Asymmetric Key Encryption
Security Testing (Basics) - Symmetric & Asymmetric Key Sizes
Security Testing (Basics) - Finding Asymmetric Key Encryption used by different websites
Security Testing (Basics) - Encoding and Decoding
Security Testing (Basics) - Hashing
Security Testing (Basics) - HTTP is Stateless
Security Testing (Basics) - HTTPS
Security Testing (Basics) - Input Validation and Output Encoding
Security Testing (Basics) - Client Side Validation versus Server Side Validation
Security Testing (Basics) - Blacklisting versus Whitelisting (Input Validation)
Security Testing Basics - SSL versus TLS
Security Testing Basics - HTTP versus HTTPS
Security Testing Basics - Authentication vesus Authorization
Security Testing Terminology - Payloads and Malicious Input
Security Testing Terminology - DAST
Security Testing - Demo Application for Practice
Security Tesitng Process (Testing Phase of SDLC)
OWASP
OWASP Top 10 Vulnerabilities
Injection vulnerability and different types
SQL Basics for SQL Injection
Attack Surface and Attack Vector
SQL Injection (SQLi)
Anatomy of SQL Injection Payload
Security Testing - Second Demo Application for Practice
SQL Injection Payload - Vulnerability Assessment
SQL Injection Attack Surface
Installing BurpSuite
Using BurpSuite as Proxy Tool for Intercepting Requests
Configuring BurpSuite as Proxy with Firefox browser
Configuring BurpSuite as Proxy for Chrome browser
Configuring BurpSuite as Proxy for Internet Explorer browser
Installing WebGoat
Bypassing Client Side Validation using BurpSuite
Increasing Attack Surface using BurpSuite