Q/ST Qualified/ Software Security Testing BootCamp
This class is unique in the security industry. As a follow-on to the class How to Attack Software Security, this class is less lecture and more hands-on, with your project used for the labs. Attendees work together on the actual project applications that they program day in and day out, attacking them for security vulnerabilities.
The security testing bootcamp takes top quality assurance testers and makes them into software security attackers with passion, knowledge and experience to test applications.
Who should attend:
Programming Managers and your teams. Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.
Time: 7:45am - 5pm
Location: See the class schedule
Prerequisites: Understanding of TCP/IP protocols
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail = < 95% Attendance and < 100% Completion of Labs and Practical
What Is CWE?
Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:
Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.
Serve as a standard measuring stick for software security tools targeting these issues.
Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.
Self Study and Nightly Assignments. Students will need to complete required reading and analyze how specific security issues correspond to their area of testing focus of the application.
Security Briefings. Each morning will start with a briefing on the software security issues specific to the project and application. Application-specific security attack and testing issues are discussed every morning and then implemented against the application throughout the day-long deep software security attack and testing sessions.
Application-specific Security Testing. Several days of intense hands-on security attacks are performed by the students on current applications. The class is broken into two-person teams who compete to find the most security defects by performing specific attacks on the sections of the product on which they typically perform QA testing.
Tools for class include many freeware tools and
Corporate Requirements. To achieve the required results, your company needs to provide access to a developer knowledgeable about the entire application, the complete threat model, and details on past defects discovered in the application. This will enable a strategic attack plan to be created prior to the class, which will be discussed and explained during the class.
This will be an intense several days of security education, attacks and testing that will push each attendee as they evolve from top quality assurance testers into lead security testers. Prizes will be awarded to the top attendees for each security defect discovered, with special awards to the top three teams based on the number and severity of the security bugs and flaws they find.
*Class fees are subject to change