Security Testing Training – Batch One

Hi all,

Thanks for attending the Security Testing Training sessions. Please find the recorded sessions and other session details below:

Note: Batch one attendees, log in to the Gmail address to which we have provided access, and open the links below in the same browser window where that Gmail account is signed in.


QAFox – Security Testing Training Contents (Click here)


Session 1: Introduction to Security Testing (45 Minutes)

  • Introduction
  • Importance of Security Testing
  • Jobs and their demand
  • Course Walkthrough
  • Questions on Course and Security Testing

Session 2: Basic Concepts – Part 1 (1 hour)

  • CIA Triad
    • Confidentiality
    • Integrity
    • Availability
  • Vulnerability
  • Threat
  • Risk
  • HTTP Protocol basics
    • HTTP Methods
    • HTTP Response Codes
  • Cookie
  • Session
  • Cookie Versus Session
  • Cryptography (Introduction)

Session 3: Basic Concepts – Part 2 (1 hour)

  • Cryptography
    • Encryption
      • Symmetric Key Encryption
      • Asymmetric Key Encryption
    • Encoding
    • Hashing

Session 4:  Basic Concepts – Part 3 (55 Minutes)

  • Encryption, Encoding, and Hashing – CIA Triad
  • Input Validation
  • Output Encoding
  • Client-side Validation versus Server-side Validation
    • Client-side validation
    • Server-side validation
    • Client-side Vs Server-side Validation
  • Blacklist validation
  • Whitelist validation
  • Blacklist validation versus whitelist validation
  • SDLC Process and Secure SDLC Process
  • Secure SDLC – Advantages
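The example below is an added illustration of the Session 4 validation and output-encoding topics (not code from the QAFox course material). It shows a blacklist validator being bypassed by inputs it never listed, a whitelist validator that only accepts the exact shape it was written for, and output encoding applied at the point of output as the separate defence against script injection. The validator names, the allowed username pattern and the test payloads are all assumptions constructed for this example.

```python
"""Blacklist vs whitelist input validation, plus output encoding (added example)."""
import html
import re

# Blacklist: reject inputs containing known-bad substrings. Attackers route around the list.
BLACKLIST = ("<script", "javascript:", "onerror=")


def blacklist_validate(value: str) -> str:
    lowered = value.lower()
    for bad in BLACKLIST:
        if bad in lowered:
            raise ValueError(f"rejected: contains {bad!r}")
    return value


# Whitelist: describe exactly what is allowed; everything else is rejected.
# Assumed rule: 3-16 chars, lowercase letters, digits and underscore, starting with a letter.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")


def whitelist_validate_username(value: str) -> str:
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("rejected: username must match [a-z][a-z0-9_]{2,15}")
    return value


def render_greeting(display_name: str) -> str:
    """Output encoding: escape for the HTML body context where the value is written,
    regardless of what validation happened on the way in."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


def is_rejected(validator, value: str) -> bool:
    """True when the validator raises, False when it lets the value through."""
    try:
        validator(value)
    except ValueError:
        return True
    return False


# Constructed payloads for the blacklist check.
PAYLOADS = {
    "<script>alert(1)</script>": True,          # on the list: caught
    "<img src=x OnError=alert(1)>": True,       # caught only because we lowercased first
    "<svg onload=alert(1)>": False,             # different handler, not on the list
    "<img src=x onerror\t=alert(1)>": False,    # tab before '=' breaks the substring match
}


def demo() -> dict:
    return {
        "blacklist": {p: is_rejected(blacklist_validate, p) for p in PAYLOADS},
        "whitelist_accepts_alice": not is_rejected(whitelist_validate_username, "alice_01"),
        "whitelist_rejects_payload": is_rejected(whitelist_validate_username, "<svg onload=alert(1)>"),
        "encoded_output": render_greeting("<svg onload=alert(1)>"),
    }


if __name__ == "__main__":
    for payload, expected_block in PAYLOADS.items():
        print(f"blacklist blocked={is_rejected(blacklist_validate, payload)!s:5} expected={expected_block!s:5} {payload!r}")
    print(demo()["encoded_output"])
```

The two payloads the blacklist lets through are the point of the comparison: every new tag, handler or whitespace trick needs another list entry, whereas the whitelist rejects them without ever having heard of them. Output encoding is still needed even with a whitelist, because not every field can be restricted to a safe character set.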

Session 5:  Basic Concepts – Part 4 (1 hour)

  • Threat Modelling
  • STRIDE Methodology
      • Spoofing Identity
      • Tampering with data
      • Repudiation
      • Information Disclosure
      • Denial of Service
      • Elevation of privilege
  • SSL – Secure Sockets Layer
  • HTTP versus HTTPS
  • SSL and TLS Versions

Session 6:  Basic Concepts – Part 5 (1 hour)

  • SSL/TLS Handshake Process
  • Authentication versus Authorization

Session 7:  Basic Concepts – Part 6 and SQL Injection – Part 1 (1 hour)

  • 5 Phases of Security Testing
  • OWASP Top 10 Vulnerabilities
    • How to understand the vulnerabilities?
  • SQL Injection
    • What is SQL?
    • SQL Query Generation
    • SQL Injection Definition
    • SQL Injection Types
    • Impact of SQL Injection
    • SQL Injection Demonstration (Single quote and advanced)

Session 8:  BurpSuite Tool and SQL Injection – Part 2 (1 hour)

  • Installing BurpSuite Tool
  • BurpSuite – Configuration
  • BurpSuite – Demonstration
  • BurpSuite – Purpose
  • SQL Injection – Error Based
  • SQL Injection – Demonstration of different Error Based SQL Injections
  • SQL Injection – Approach and Process
  • SQL Injection – Client recommendations in day-to-day real-time projects
  • Comparison between Free and Premium versions of BurpSuite
  • Comparing BurpSuite with other similar tools available in the market
  • SQL Injection – Discussion, Questions/Doubts clarifications
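The example below is an added illustration of the SQL injection material in Sessions 7 and 8 (it is not code from the QAFox course material). It runs a login query against an in-memory SQLite table with two constructed users and walks the tester's sequence: the single-quote probe that produces a database error (the error-based signal), a comment-based authentication bypass, a UNION query that dumps the table, and the same inputs against a parameterised query that treats them as data. The table layout, the user records and the function names are assumptions made for this example; the plaintext password column exists only so the bypass is visible and is not a recommendation.

```python
"""SQL injection: single-quote probe, error-based signal, bypass, UNION dump, and the fix (added example)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Query built by string concatenation: user input becomes SQL syntax."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str):
    """Parameterised query: input is bound as data and cannot change the query structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def probe(login, conn, username: str, password: str):
    """Run one test case and classify the outcome the way a tester reads it."""
    try:
        rows = login(conn, username, password)
    except sqlite3.OperationalError as exc:
        # Error-based signal: the input reached the SQL parser and broke the statement.
        return ("DB ERROR", str(exc))
    return ("ROWS", rows)


# Constructed test cases: (label, username, password)
CASES = [
    ("normal login", "alice", "s3cret"),
    ("single-quote probe", "o'brien", "x"),
    ("comment bypass", "alice' --", "wrong"),
    ("union dump", "' UNION SELECT username, password FROM users --", "x"),
]


def run_all(login) -> dict:
    conn = make_db()
    return {label: probe(login, conn, u, p) for label, u, p in CASES}


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("parameterised", login_safe)):
        print(f"== {name} ==")
        for label, outcome in run_all(fn).items():
            print(f"{label:20} {outcome[0]:8} {outcome[1]}")
```

Reading the vulnerable results: the single quote turns into a database error (in a real application that error page, or the difference between an error and a normal response, is what tells the tester the input is being interpreted), the `--` comment removes the password check entirely, and the UNION returns the password column in place of the role. The parameterised version returns no rows for all three attacks and only the genuine login succeeds, which is the client recommendation the session ends on.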

Session 9:  SQL Injection – Part 3 (1 hour)


Session 10:  SQL Injection – Part 4 (1 hour 30 minutes)


Session 11:  Cross Site Scripting – Part 1 (1 hour)


Session 12:  Cross Site Scripting – Part 2 and BurpSuite Features – Part 1 (1 hour)


Session 13:  Cross Site Request Forgery – Part 1 (1 hour)


Session 14:  Cross Site Request Forgery – Part 2 (45 Minutes)


Session 15:  Insecure Direct Object Reference and Failure to restrict URL access (1 hour)


Session 16:  Insecure Direct Object Reference – Part 2, Failure to restrict URL access – Part 2 and Sensitive Data Exposure (1 hour)


Session 17:  Broken Authentication and Session Management (1 hour)


Session 18:  Broken Authentication and Session Management – Part 2 (1 hour)


Session 19:  Broken Authentication and Session Management – Part 3, Security Misconfiguration and Using components with known vulnerabilities (1 hour)


Session 20:  Security Misconfiguration – Part 2, Malicious/Unrestricted File Uploads, Missing Cookie Attributes and Dangerous/unsafe HTTP methods enabled (1 hour)


Session 21:  Cacheable HTTPS response, Unsafe CORS Policy, XML External Entity (1 hour)


Session 22:  Insecure Deserialization and Insufficient Logging & Monitoring (1 hour)


Session 23:  Network Security Testing – Part 1 (50 minutes)

  • What is a Network?
  • What will a Network generally contain?
  • Purpose of Network Security Testing
  • Network Security Testing Basics
    • IP Address
    • Port
    • Protocol
      • Understanding Protocol
      • Examples for Network Protocol
      • TCP
      • UDP
      • ARP
      • FTP
      • DNS
      • Telnet
      • SSH
  • What Network Security Testing is all about
  • Is Network Security Testing an easy task?
  • Network Security Testing Tools
  • Questions, Discussions and Testing Focus

Session 24:  Network Security Testing – Part 2 (1 hour 15 minutes)


Session 25:  Mobile Security Testing – Part 1 (1 hour 10 minutes)


Session 26:  Mobile Security Testing – Part 2 (1 hour)


Session 27:  BurpSuite and Kali Linux Tools (1 hour)


Other Stuff


Happy Learning  🙂

Arun Motoori (www.qafox.com)