Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Security Testing Basics (Getting started for Beginners)
Rating: 4.2 out of 5(45 ratings)
143 students

Security Testing Basics (Getting started for Beginners)

All the basics that are required for Beginners to get started with Security Testing are covered in this course
Created byArun Motoori
Last updated 1/2023
English

What you'll learn

  • Security Testing Getting Started
  • Security Testing for Beginners
  • Security Testing Basics
  • Security Testing from Scratch

Course content

1 section50 lectures9h 46m total length
  • What is Security Testing?7:15

    Learn how security testing, a non-functional software test, identifies vulnerabilities and security loopholes in an application, safeguarding login functionality and information before release.

  • Importance of Security Testing with Examples5:24

    Explore why security testing matters by reviewing real-world data breaches and hacks, and learn how protecting passwords, records, and biometric data safeguards reputation, trust, and business value.

  • Future (Jobs, Skill Shortage, Demand, unemployment rate, Pay scale and Career Ad15:40
  • Security Testing versus Vulnerability Assessment versus Penetration Testing9:24
  • Security Testing Versus Hacking3:42
  • Don't end up in Jail2:53
  • Manual Security Testing Versus Security Testing Tools5:42
  • CIA Triad - Basic High Level Objectives of Security Testing11:08
  • Vulnerability versus Threat versus Risk17:23
  • Security Testing (Basics) - HTTP Methods35:52

    Learn the basics of Http methods, including get, post, put, delete, head, options, connect, and trace, and identify which are safe or dangerous for security testing.

  • Security Testing (Basics) - HTTP Status Codes13:29
  • Security Testing (Basics) - Cookie19:50
  • Security Testing (Basics) - Cookie versus Session ID versus Session24:32
  • Security Testing (Basics) - Cryptography and different Techniques16:08
  • Secuirty Testing (Basics) - Symmetric Key Encryption10:02
  • Security Testing (Basics) - Asymmetric Key Encryption10:55
  • Security Testing (Basics) - Symmetric & Asymmetric Key Sizes7:04
  • Security Testing (Basics) - Finding Asymmetric Key Encryption used by different3:35
  • Security Testing (Basics) - Encoding and Decoding33:43
  • Security Testing (Basics) - Hashing25:38
  • Security Testing (Basics) - HTTP is Stateless11:21

    Understand why http is stateless and how each request uses a new connection, while session IDs and cookies maintain login state across actions.

  • Security Testing (Basics) - HTTPS10:24
  • Security Testing (Basics) - Input Validation and Output Encoding15:40
  • Security Testing (Basics) - Client Side Validation versus Server Side Validation10:47
  • Blacklisting versus Whitelisting (Input Validation)10:23
  • Security Testing Basics - SSL versus TLS10:33

    Compare SSL and TLS certificates, explain http vs https, and emphasize that SSL is deprecated while TLS remains in use. Favor migration toward TLS 1.3 for improved security and performance.

  • Security Testing Basics - HTTP versus HTTPS4:54
  • Security Testing Basics - Authentication versus Authorization8:22

    Explore authentication versus authorization in security testing basics, learning how user identity with valid credentials grants login, while permissions govern access to resources.

  • Security Testing Terminology - Payloads and Malicious Input5:48
  • Security Testing Terminology - DAST2:32
  • Security Testing - Demo Application for Practice2:23

    Practice security testing using a demo application you can access with admin/admin credentials, exploring login, account summary, and transfer funds to identify web vulnerabilities.

  • Security Testing Process (Testing Phase of SDLC)35:07
  • OWASP15:05
  • OWASP Top 10 Vulnerabilities5:09

    Explore OWASP top ten vulnerabilities, including injection, broken authentication, sensitive data exposure, XML external entities, and broken access control. Learn via practical examples and updated lists every 3–4 years.

  • Injection vulnerability and different types13:15

    Understand injection vulnerabilities from untrusted input processed by a software interpreter, leading to data theft or system compromise. Learn types, especially sql and cross-site scripting, and why input validation matters.

  • SQL Basics for SQL Injection15:25
  • Attack Surface and Attack Vector6:58
  • SQL Injection (SQLi)9:25
  • Anatomy of SQL Injection Payload28:46
  • Security Testing - Second Demo Application for Practice2:55
  • SQL Injection Payload - Vulnerability Assessment14:22
  • SQL Injection Attack Surface4:53
  • Installing BurpSuite6:55

    Learn how to install and launch Burp Suite Community Edition, including installing Java, downloading Burp Suite, and running a temporary project with Burp defaults for web application security testing.

  • Using BurpSuite as Proxy Tool for Intercepting Requests17:22
  • Configuring BurpSuite as Proxy with Firefox browser6:44
  • Configuring BurpSuite as Proxy for Chrome browser5:56

    Configure Burp Suite as a proxy for Chrome by setting the computer proxy to 127.0.0.1 and a port, then enable intercept in Burp Suite.

  • Configuring BurpSuite as Proxy for Internet Explorer browser5:52
  • Installing WebGoat7:36
  • Bypassing Client Side Validation using BurpSuite9:23
  • Increasing Attack Surface using BurpSuite3:11

Requirements

  • No pre-requisites required, as this is the beginners and getting started only course
  • If you are a fresher in IT field and interested in moving towards Security Testing domain which has good demand in the market and doesn't need any Software Testing skills, then this course is for you.

Description

In this course, I have covered all the Security Testing that are required for Beginners to get started with.


If you are a beginner or fresher or new to Security Testing, and want to figure out whether this Security Testing field is for you or not, then this course is for you. This is an overview course, where by the end of this course, you can find out whether Security Testing is for you or not, its opportunities, basic knowledge and guidance required for moving into Security Testing field from Software Testing field.


The below are the different basic topics that are covered in this course:


  1. What is Security Testing?

  2. Importance of Security Testing with Examples

  3. Future (Jobs, Skill Shortage, Demand, unemployment rate, Pay scale and Career Advice)

  4. Security Testing versus Vulnerability Assessment versus Penetration Testing

  5. Security Testing Versus Hacking

  6. Don't end up in Jail

  7. Manual Security Testing Versus Security Testing Tools

  8. CIA Triad - Basic High Level Objectives of Security Testing

  9. Security Testing - Vulnerability versus Threat versus Risk

  10. Security Testing (Basics) - HTTP Methods

  11. Security Testing (Basics) - HTTP Status Codes

  12. Security Testing (Basics) - Cookie

  13. Security Testing (Basics) - Cookie versus Session ID versus Session

  14. Security Testing (Basics) - Cryptography and different Techniques

  15. Security Testing (Basics) - Symmetric Key Encryption

  16. Security Testing (Basics) - Asymmetric Key Encryption

  17. Security Testing (Basics) - Symmetric & Asymmetric Key Sizes

  18. Security Testing (Basics) - Finding Asymmetric Key Encryption used by different websites

  19. Security Testing (Basics) - Encoding and Decoding

  20. Security Testing (Basics) - Hashing

  21. Security Testing (Basics) - HTTP is Stateless

  22. Security Testing (Basics) - HTTPS

  23. Security Testing (Basics) - Input Validation and Output Encoding

  24. Security Testing (Basics) - Client Side Validation versus Server Side Validation

  25. Security Testing (Basics) - Blacklisting versus Whitelisting (Input Validation)

  26. Security Testing Basics - SSL versus TLS

  27. Security Testing Basics - HTTP versus HTTPS

  28. Security Testing Basics - Authentication vesus Authorization

  29. Security Testing Terminology - Payloads and Malicious Input

  30. Security Testing Terminology - DAST

  31. Security Testing - Demo Application for Practice

  32. Security Tesitng Process (Testing Phase of SDLC)

  33. OWASP

  34. OWASP Top 10 Vulnerabilities

  35. Injection vulnerability and different types

  36. SQL Basics for SQL Injection

  37. Attack Surface and Attack Vector

  38. SQL Injection (SQLi)

  39. Anatomy of SQL Injection Payload

  40. Security Testing - Second Demo Application for Practice

  41. SQL Injection Payload - Vulnerability Assessment

  42. SQL Injection Attack Surface

  43. Installing BurpSuite

  44. Using BurpSuite as Proxy Tool for Intercepting Requests

  45. Configuring BurpSuite as Proxy with Firefox browser

  46. Configuring BurpSuite as Proxy for Chrome browser

  47. Configuring BurpSuite as Proxy for Internet Explorer browser

  48. Installing WebGoat

  49. Bypassing Client Side Validation using BurpSuite

  50. Increasing Attack Surface using BurpSuite


Who this course is for:

  • Beginners who want to get started with Security Testing and learn its basics
  • For the one's who want to get into or move to Security Testing field, from regular Software Testing field.