PSQT
2005 West
May 2-6, 2005
Las Vegas, NV


System and Application Testing for Security Vulnerabilities

(CSTP Elective)

This tutorial counts as training towards the Certified Software Test Professional requirements.

Abstract

Are your software systems vulnerable to attack? If your system includes a server or a database, it is vulnerable. Even if it sits on a secure, closed network with no outside connections (no link to the Internet), it is still vulnerable. If your application has a single data entry point, your system is vulnerable. Even if your system holds no business intelligence, financial information, or strategic information, it can still be a worthwhile target for hackers, simply for its computing power and its connections, or for the damage it could do if it failed.

Making sure that your applications and systems are secure is a big job. Traditional “Security” groups focus on the network and a few simple attack vectors. This passive approach of detecting security breaches through systems monitoring is not adequate to protect our systems from today’s hackers, who can compromise security and disable a machine in 15 seconds, or take control of a machine in less than 3 minutes. We must take a very aggressive approach to identifying and eradicating security vulnerabilities from our systems and applications before they are exploited. Software testers are in a position to make a major contribution to the security of our software and systems.

This seminar brings you up to speed on today’s security realities and shows you just how insecure our computer systems are. You will find out what hackers are doing, how they are doing it, and why, so that you can prepare your software applications and systems for the war zone in which they will have to survive. It shows testers what to test for and how to test it to ensure their system can withstand current attack strategies. The seminar also presents security testing automation strategies and tools, along with resources that will keep you informed of security vulnerabilities as they are discovered.

Students Learn How To:

  • Identify Security Targets and Attack Surfaces in applications and systems
  • Test for the most common types of security failures
  • Stay informed about current Security Issues

Course Outline

Introduction – Our Software Systems are Under Constant Attack

  • How bad is it really? – Yes, it’s really that bad
  • Profile of the Black Hat
    • What they do
    • How they do it
    • Why they do it
      • Information Theft, Compromise, Resource Diversion and Repurposing, Total Destruction

The Mechanics of Security Breach

  • Attack Vectors
  • Attack Surfaces in Software Systems
    • Networks
    • Servers
    • Databases
    • Applications:
      • Server side applications
      • Client side applications
    • Attack Styles: Diversions, Breaches, Infiltrations, Exploitations

What to Test and How to Test It

  • Buffer Overflow
  • SQL Injection
  • Code Insertion
  • And more...
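The outline names SQL injection as one of the failure types testers should check for. The following is an added example, not material from the tutorial or from PSQT, of what such a test looks like in practice: a small test harness that runs the same set of login inputs (two valid/invalid credentials and two classic malformed inputs) against a query built by string concatenation and against a parameterized query, and reports every case where the outcome differs from what a tester expects. The user table, rows and function names are constructed for the demonstration and use Python's standard `sqlite3` module.

```python
import sqlite3

# Constructed sample rows for a stand-alone, in-memory database (not real accounts).
USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory user table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_concat(conn, name, password):
    """Vulnerable form: untrusted input is spliced into the SQL text itself."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, name, password):
    """Hardened form: bound parameters, so input is data and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Test cases: (name, password, should_authenticate).  The last two are the
# textbook malformed inputs a tester feeds every login form; neither is a valid
# credential, so a correct implementation must reject both.
CASES = [
    ("alice", "correct horse", True),
    ("alice", "wrong", False),
    ("alice", "' OR '1'='1", False),   # tautology appended to the WHERE clause
    ("alice'--", "anything", False),   # comment marker that drops the password check
]


def run_tests(login_fn):
    """Run every case through login_fn and return a list of findings.

    Each finding is (name, password, reason).  A case is a finding when the
    function authenticates an input it should reject (or vice versa), or when
    the input causes a database error, which shows the input reached the parser.
    """
    conn = make_db()
    findings = []
    try:
        for name, password, expected in CASES:
            try:
                authenticated = bool(login_fn(conn, name, password))
            except sqlite3.Error as exc:
                findings.append((name, password, "database error: %s" % exc))
                continue
            if authenticated != expected:
                reason = "authenticated" if authenticated else "rejected valid login"
                findings.append((name, password, reason))
    finally:
        conn.close()
    return findings


if __name__ == "__main__":
    for fn in (login_concat, login_param):
        print(fn.__name__, run_tests(fn))
```

Run as a script, the harness reports two findings for `login_concat` (both malformed inputs authenticate as `alice`) and none for `login_param`. The same structure extends to any other input-handling failure in the outline: keep one table of inputs with the expected outcome, and run it against the code under test rather than reasoning about the query by eye.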

Automated Tools

  • GreenBlue Inspector