Web Application Security Testing Table of Contents

    
Web Technology Basics

  • Web Application
  • HTML
  • CSS
  • JavaScript
  • Document Object Model (DOM)
  • XPath
  • Popular Web Browsers
  • Inspecting Elements in Browser
  • TCP/IP Protocol Architecture
  • Internet Protocol
  • Transport Layer

Software Testing Basics

  • Scope
  • Functional vs. Non-Functional testing
  • Defects and Failures
  • Finding Faults Early
  • Compatibility
  • Input Combinations and Preconditions
  • Static vs. Dynamic Testing
  • Software Verification and Validation
  • The Software Testing Team
  • Software Quality Assurance (SQA)
  • Testing Methods - The box approach

Security Concepts

  • Security Principles
  • Identification and Authentication
  • Attack Types
  • Social Engineering
  • Steganography

Information Gathering

  • Information Gathering Basics
  • DNS, whois and ARIN records
  • Using traceroute, e-mail tracking and web spider
  • Google Hacking
  • Popular Information Gathering Tools

Vulnerability Analysis

  • Vulnerability Analysis Basics
  • Identifying and Removing Vulnerabilities
  • Vulnerability Naming
  • Vulnerability Assessment Tools

Exploitation Techniques

  • Attack Vector
  • SQL Injection
  • Buffer Overflow
  • Cross-Site Scripting or XSS
  • CSRF
  • Hidden Fields
  • Web-Based Password Cracking
  • Cookies Attack
  • URL Obfuscation
  • Arbitrary Code Execution
  • File Inclusion Vulnerability
  • Man-in-the-Middle Attack

Client Side Web Application Security

  • DOM-based Cross-Site Scripting
  • JavaScript Execution
  • HTML Injection
  • Client Side URL Redirect
  • CSS Injection
  • Client Side Resource Manipulation
  • Cross Origin Resource Sharing
  • Cross Site Flashing
  • Clickjacking
  • WebSockets
  • Web Messaging
  • Local Storage

Server Side Web Application Security

  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing

Web Application Security Test Design

  • Test Design
  • Web Application Security Testing Challenges
  • Web Application Security Testing Requirements Gathering
  • Web Application Security Testing High Level Design
  • Web Application Security Testing Low Level Design
  • OWASP Web Security Testing Framework

Web Application Security Test Execution

  • Unit Testing
  • Integration Testing
  • Web Application Security Test Development
  • Web Application Security Testing Defects
  • Defects Reporting
  • SAST
  • DAST
  • Web Application Security Testing Tools



Apply for Certification

https://www.vskills.in/certification/testing/web-application-security-testing-certification-course
