Booking options
£149.99
On-Demand course
7 hours 59 minutes
All levels
Learn how to perform security audits, penetration testing, and code auditing for modern software in the web/cloud, mobile, and desktop. This course will help you master industry standards and enable you to carry out professional assessments to secure technologies as well as communicate risks to high-level executives, management, and technical staff.
Does finding security bugs, hacking software, and breaking into applications and databases sound exciting? Do you need to secure technologies and build resilient software? If yes, then the software security testing path is for you. This course teaches you the security testing skills needed to conduct professional security assessments using a variety of approaches. As you progress through the course, you will learn the core tenets of software security, build your own personal security testing lab environment, identify and exploit vulnerabilities, break contemporary security systems, use well-known tools and approaches, and confidently communicate findings to all stakeholders. Upon completion, you will have the foundational knowledge and skills to carry out multiple types of security assessments, including penetration testing, security auditing, and code analysis, in order to help build secure and resilient software throughout the SDLC. By the end of the course, you will be able to apply industry standards and carry out professional assessments to secure technologies, as well as communicate risks to high-level executives, management, and technical staff.
Explain software security testing fundamentals
Select the best industry standards/approaches for security testing
Analyze and exploit security flaws in software
Verify software confidentiality, integrity, and availability
Recommend best approaches to increasing software cyber resilience
This course is designed for penetration testers, software developers, cyber security enthusiasts, and anyone who wants to grow their software security testing skills.
This is a practical course, where we will use Kali Linux to learn and master the necessary security testing skills to conduct professional security assessments in various approaches.
* Build up your own personal security testing lab environment, and identify and exploit vulnerabilities
* Gain the foundational knowledge and skills to carry out multiple types of security assessments
* Use labs to enhance your learning
https://github.com/PacktPublishing/Software-Security-Testing
Cyber Academy is one of the leading institutions in the Southeast Europe region to provide a hands-on program that dives deep into different subjects of technology using 'Learn by Doing' methods. Their students are more focused on practical knowledge and skill development than pure theory. Their primary focus is cybersecurity, blockchain, and artificial intelligence.
1. Software Security Testing
In this course and section, we will learn the necessary security testing skills to conduct professional security assessments in various approaches.
1. Introduction: Let us take a quick peek into the course and understand what we are going to learn in it.
2. Environment Setup: Environment setup is an essential step toward becoming a professional software security tester. This video will set up Kali Linux, a Debian-derived Linux distribution designed for digital forensics and penetration testing.
3. Important Terminology: Like any other profession, it is vitally important to learn and adopt critical terminology and vocabulary. There are numerous terms that cybersecurity experts use daily. This video will highlight some essential concepts that you need to know in software security testing.
4. Methodologies and Standards: In this video, we will explore essential testing methodologies and standards that software security testers use regularly.
5. Software Testing as a Process: Software security testing is very hands-on! The more tests you perform, the better you get. Continuous learning and improvement are essential to staying relevant. Software security testing is similar to chess - easy to learn and be productive with, but hard to master. In this video, we will explore software testing as a process.
6. The HTTP Protocol: HTTP (HyperText Transfer Protocol) is the underlying protocol of the World Wide Web. Tim Berners-Lee and his team developed it in 1989-91. HTTP has changed considerably since then while keeping most of its simplicity and gaining further flexibility. This video will explore the foundations of the HTTP protocol and its importance to software security.
7. Introduction to Encoding: Encoding is the process of converting data from one form to another. While "encoding" can be used as a verb, it is often used as a noun and refers to a specific type of encoded data. In this video, we will learn how to identify different encoding schemes and decode them.
8. Information Gathering: This video will explore information gathering as one of the most critical processes in software security testing. There are two types of methods used during information gathering: active and passive reconnaissance. You will learn the main differences and how to use both techniques to your advantage.
9. Configuration and Management Testing: The intrinsic complexity of interconnected and heterogeneous server infrastructure, including hundreds of applications, makes configuration management and reviews a fundamental step in testing and deploying every single application. In this video, we will learn about configuration and management testing. It takes only a single vulnerability to undermine the entire infrastructure's security, and even small and seemingly unimportant problems may evolve into severe risks for another application on the same server.
10. Identity Management Testing: Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. This video will explore identity and access management as one of the most critical challenges for IT departments.
11. Authentication Testing: Authentication can generally be defined as the act of confirming the identity of a resource - in this case, the consumer of an API. In this video, we will look at authentication and the different vulnerabilities that arise in its implementation.
12. Authorization Testing: Authorization is the idea of allowing access to resources only to those authorized to use them. Testing for authorization means understanding how the authorization process works and using that information to circumvent the authorization mechanism. In this video, we will learn about authorization and various vulnerabilities in its implementation.
13. Session Management Testing: One of the core components of any application is the mechanism by which it controls and maintains state for an interacting user. In this video, we will explore some of the misconfigurations and vulnerabilities in session management.
14. Input Validation Testing: Input validation, also known as data validation, is the proper testing of any input supplied by a user or application. In this video, we will explore data validation vulnerabilities and their mitigation.
15. Error Handling: Improper handling of errors can introduce a variety of security problems for a website. The most common problem is when specific internal error messages such as stack traces, database dumps, and error codes are exposed to the user (attacker). In this video, we will explore error handling vulnerabilities and their mitigation.
16. Cryptography: Cryptography appears to be closely linked to modern electronic communication. Nonetheless, early examples of cryptography date back to about 2000 BC, when non-standard "secret" hieroglyphics were used in ancient Egypt. This video will teach about cryptography and the weak cryptographic algorithms that should be avoided while developing software.
17. Business Logic Testing: Testing for business logic flaws in a multi-functional dynamic application requires thinking in unconventional ways. This video will teach about the importance of business logic testing while helping you think creatively.
18. Client-Side Testing: Client-side testing refers to any type of testing that occurs in the user's browser. This video will explore testing mechanisms for client-side vulnerabilities and ways to mitigate and reduce their impact.
19. Reporting: The cornerstone of a successful penetration test lies in the technical expert's capacity to carry out the test and in the quality with which the importance of its results is communicated. This video will help you learn the crucial components of a software security testing report.
20. Bonus: In this bonus video, you will explore some additional resources that can come in handy while performing software security testing.