Learn practical security testing and QA approaches based on experiences of top software security experts
Use a structured risk analysis method to expose dangerous software vulnerabilities
Learn how to add security testing to all of your testing strategies and plans
Discover how hackers exploit software so you can “think like an attacker” while developing your tests
See real-life examples of severe security defects at both the design and implementation levels
Integrate security testing and QA practices into your entire software development lifecycle
Developed by top experts in software security, this course is an eye-opening experience for all test and QA professionals and for development professionals doing structured unit and integration testing. It will change the way you think about test development.
Proactive security testing requires that you first get an understanding of the security problem and adopt a risk management framework for addressing security issues. Then, you need to gain the skills and implement the processes necessary to develop and execute security test strategies.
Learn to think like an attacker so that you can add test cases to cover nonfunctional (often implied or missing) security requirements. Find out about the “Seven Pernicious Kingdoms of Software Security” and how to use security risk information to improve test and QA strategies and planning. Practice examining software requirements, designs, and code to expose security vulnerabilities as early as possible during development. Add appropriate abuse cases to your test designs and explore your software with a new awareness of security issues.
Look inside the code with white-box testing techniques to achieve greater benefits with less effort. Tie in the business and design objectives, architectural and operational realities, and common attack patterns to enhance your current testing methods. With new knowledge and skills, you can build the confidence that attackers cannot turn security risks into security failures.
This course is appropriate for testing, QA, and software development practitioners who are responsible for developing and executing test strategies and plans for functional and non-functional security requirements. This course requires an ability to understand security risk patterns used by attackers. Participants should be comfortable reviewing code as part of their testing activities.
Each public course participant receives a copy of Gary McGraw's Software Security: Building Security In. Valid for public courses only.