Course Code
owaspwstg
Duration
21 hours (usually 3 days including breaks)
Requirements
- A general understanding of web development lifecycle
- Experience in web application development, security, and testing
Audience
- Developers
- Engineers
- Architects
Overview
The Web Security Testing Guide (WSTG) is a community-led, open-source testing resource that provides a comprehensive framework in performing security testing for web applications and services. The Open Web Application Security Project (OWASP) Foundation and its online community continuously develop the WSTG.
This instructor-led, live training (online or onsite) is aimed at developers, engineers, and architects who wish to apply the WSTG testing framework, principles, and techniques to secure their web applications and services.
By the end of this training, participants will be able to:
- Use the WSTG to implement testing processes and techniques in the web development lifecycle.
- Explore different testing techniques to customize the WSTG framework based on business needs.
- Perform various security testing methods to protect web applications from risks and attacks.
- Create an assessment report to document security testing findings and results.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Course Outline
Introduction
Overview of Web Security Testing Guide
- The OWASP Testing Project
- Tailoring and prioritizing for organizations
- Testing principles and techniques
- Security testing objectives and requirements
Exploring Various Testing Techniques
- Manual inspections and reviews
- Threat modeling
- Source code review
- Penetration testing
- Security test integration and data analysis
Understanding the OWASP Testing Framework
- Activities from development to deployment
- Maintenance and operations
- Lifecycle end-to-end testing framework and workflow
- Penetration testing methodologies
Performing Web Application Security Testing
- Information gathering
- Configuration and deployment management testing
- Identity management testing
- Authentication and authorization testing
- Session management testing
- Input validation testing
- Testing for error handling
- Testing for weak cryptography
- Business logic testing
- Client-side testing
- API testing
Reporting the Testing Assessment and Results
- Introduction section
- Executive summary
- Findings section
- Appendices
Getting Involved in the Web Security Testing Guide
- Referencing and linking WSTG scenarios
- Code of conduct
- Contribution guide
- Feature requests and feedback
Summary and Conclusion
.png "new york stock exchange (nyse)")
_ireland.gif "environmental protection agency (epa) ireland")
.png "aeronautical radio, incorporated (arinc)"){kind=small}
.jpg "european organization for nuclear research (cern)")
.png "european space agency (esa)")
