STAREAST 2017 Pre-conference Training : Security Testing for Test Professionals (2-Day)

SEE PRICING & PACKAGES

Sunday, April 29, 2018 - 8:30am to Monday, April 30, 2018 - 5:00pm

Security Testing for Test Professionals (2-Day)

Add to calendar
  • Learn how testing professionals can effectively security test software
  • Discover how applications are developed and tested with security in mind
  • Learn how to use security requirements to plan your testing efforts
  • Explore key aspects of security testing—web security, threat modeling, risk assessment
  • Examine technical and team skills you need for success
  • Learn to use common security testing tools for a variety of testing purposes

Course Description
Your organization is doing well with functional, usability, and performance testing. However, you know that software security is a key part of your assurance and compliance strategy for protecting applications and critical data. Left undiscovered, security-related defects can wreak havoc in a system when malicious invaders attack. If you don’t know where to start with security testing and don’t know what you are looking for, this course is for you. It describes how to get started with security testing, introducing foundational security testing concepts and showing you how to apply those security testing concepts with free and commercial tools and resources. Offering a practical risk-based approach, the instructor discusses why security testing is important, how to use security risk information to improve your test strategy, and how to add security testing into your software development lifecycle.

Practice of Security Testing
Explore security testing in an informal and interactive workshop setting. Examples are studied through a series of small group exercises and discussions.

Who Should Attend
This course is appropriate for software development and testing professionals who want to begin doing security testing as part of their assurance activities. Test and development managers will benefit from this course as well. A background in software testing is necessary for this course.

Course Outline

Introduction to Security Testing
History of information security
The software security problem
Understanding risk
Security testing approaches
Security testing framework

Security Testing Prior to Development
Security policy and standards
Secure software development process

Security Testing During Definition and Design
Security requirements
Architecture and design reviews
Threat modeling
Security test planning

Security Testing During Implementation
Secure code review
Security testing features and functions
Security testing interfaces and exceptions

Understanding and Testing Security Controls
Authentication and access control
Input validation and encoding
Encryption
User and session management
Error and exception handling
Audit and logging

Class Daily Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
Training Course Fee Includes
• Tuition
• Course notebook
• Continental breakfasts and refreshment breaks
• Lunches
• Letter of completion
Jeffery Payne
Coveros, Inc.

Jeffery Payne is CEO and founder of Coveros, Inc., a software company that builds secure software applications using agile methods. Since its inception in 2008, Coveros has become a market leader in secure agile principles and recognized by Inc. magazine in 2012 as one of the fastest growing private companies in the country. Prior to founding Coveros, Jeffery was chairman of the board, CEO, and co-founder of Cigital, Inc., a market leader in software security consulting. He has published more than thirty papers on software development and testing, and testified before Congress on issues of national importance, including intellectual property rights, cyber terrorism, and software quality.