7Safe Certified Security Testing Professional Training (CSTP)

Introduction

This three-day 7Safe Certified Security Testing Professional Training (CSTP) course is designed to give you the skills you need to undertake an application penetration test, so that valuable data and assets are effectively protected. You will have access to a functional ASP.NET and PHP application, on which practical exercises reinforce the theory and demonstrate hacking techniques with defensive countermeasures always in mind.

Duration: 3 days

Customize It

• If you are familiar with some aspects of this 7Safe Certified Security Testing Professional Training (CSTP) course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the 7Safe Certified Security Testing Professional Training (CSTP) course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the 7Safe Certified Security Testing Professional Training (CSTP) course in a manner understandable to lay audiences.

Audience:

• Anyone with responsibility for, or an interest in, the security of web applications, including:
• System administrators
• Software developers
• Budding penetration testers
• Anyone subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS)

7Safe Certified Security Testing Professional Training (CSTP) - Prerequisites:

A basic understanding of how a web page is requested and delivered, e.g.

• Are you familiar with the high-level components involved, e.g. browsers, web servers, web applications and databases?
• Do you have a basic understanding of HTTP?
• Do you have a basic understanding of HTML?

A basic understanding of databases and SQL would be an advantage, e.g.

• Do you understand the concept of data storage in tables within a relational database?
• Can you construct a simple SELECT statement to extract data from a table?

7Safe Certified Security Testing Professional Training (CSTP) - Objectives:

After completing this 7Safe Certified Security Testing Professional Training (CSTP) course, attendees will:

• Understand a number of methodologies for undertaking a web application penetration test
• Understand how to exploit vulnerabilities to access data and functionality
• Understand a range of defensive countermeasures, with sufficient knowledge of how to counter these attacks
• Learn effective techniques to identify exploits and vulnerabilities
• Improve their ability to respond effectively to cyber threats
• Gain valuable preparation for the CREST Registered Penetration Tester (CRT) examination and the knowledge required to join our CAST course (advanced web application security)
• Acquire the skills and understanding to progress to the next stage in their career as a security professional

WHAT QUALIFICATION WILL I RECEIVE?

• Those delegates successfully passing the exam at the end of the 7Safe Certified Security Testing Professional Training (CSTP) course will be awarded 7Safe’s Certified Security Testing Professional (CSTP) qualification.

7Safe Certified Security Testing Professional Training (CSTP) - Course Content:

1. Principles

a. Web refresher
b. Proxies
c. The OWASP Top Ten
d. Web application security auditing
e. Tools and their limitations
f. HTTP request and response modification
g. Logic flaws

2. Injection

a. Types
b. Databases overview – data storage, SQL
c. SQL injection – data theft, authentication bypass, stored procedures
d. Information leakage through errors
e. Blind SQL injection

3. Broken Authentication and Session Management

a. Scenarios
b. Attacking authentication pages
c. Insecure Direct Object Reference
d. Direct vs indirect object references
e. Authorisation
f. Cross-site Request Forgery (CSRF)
g. Exploiting predictable requests

4. Cross-site Scripting (XSS)

a. JavaScript
b. Email spoofing
c. Phishing
d. Reflected and Stored/Persistent XSS
e. Cookies, sessions and session hijacking

5. Insecure Direct Object Reference

a. Scenarios
b. Information leakage through logs

6. Security Misconfiguration

a. Scenarios

7. Sensitive Data Exposure

a. Identifying sensitive data
b. Secure storage methods

8. Unvalidated Redirects and Forwards

a. Scenarios

9. Conclusions
