TST 401: Advanced Software Security Testing - Tools and Techniques
This course delves deeply into the techniques for testing specific security weaknesses and is broken down into the three areas where bugs are most often found: insecure interaction between components, risky resource management, and poor defenses. Tools and techniques for security testing are presented, including ten different types of attacks such as SQL Injection, Command Injection, Cross-site Scripting, Buffer Overflow, and Access Spoofing.
Upon completion of this course, participants will understand:
- How to test for common attacks caused by injection of malicious code in user input, such as SQL injection, OS command injection, cross-site scripting, and attacks using malicious files
- How to test for attacks related to inappropriate management of memory and other system resources, such as buffer overflows, integer overflows, and format strings
- How to test for attacks such as network data sniffing, forced browsing, and access spoofing
This course can be customized for Instructor-Led training. Course contents and duration may vary. Contact us for details.