design

  		Find IT training and SDLC training by State
 
click the map, enter a zip,
or course keyword to find
our current public sessions
    About ASPE Technology  |   Get Credit  |   Contact Us  |   Testimonials  |   Client List

For real-time information or assistance with classes,
call us toll-free at 877-800-5221 or email us at customerservice@aspetech.com
Course HomeCourse DatesCourse DetailsCourse OutlineCourse FacultyCourse Pricing
 

COURSE 3300 | 2-DAY SESSION
Hands-On How to Break Software Security
Course Outline

Hands-on labs will be conducted after each section.

Section 1: Overview of Application Security Testing

  • Why security bugs are different from functional bugs in software
  • How this distinction affects how you approach your testing efforts
  • Understand why security bugs are usually missed during functional testing
  • Recognize symptoms of insecure behavior so that they don’t elude your testing efforts

Chapter 1: The Four Classes of Security Vulnerability

  • Understand the characteristics of a security bug and what makes it so distinguished
  • Learn the four basic classifications of security vulnerabilities
    — User interface
    — Operating-system kernel
    — File system
    — Software Systems
  • Conduct attacks against all four classifications

Chapter 2: Assessing Risk

  • Learn how to recognize the security threats to your application
  • Simulate the mindset of an attacker
  • Master the art of translating threats into malicious uses of your software
  • Learn to master the cat and mouse game — recognizing potential security holes before attackers do

Chapter 3. An Overview of the Methodology of How to Break Software Security

  • Determining which security attacks apply to your application
  • Conducting attacks and recognizing whether or not you were successful at exploitation

Section 2: Attacking Your Application

Chapter 4: Attacking Dependencies
Dependencies give the application a lot of functionality, but they also riddle the application with vulnerabilities such as buffer overflows in managed code and race conditions.

  • Learn advanced testing techniques
  • Assess how your application responds (securely or insecurely)
  • What happens when dependency fails
  • Understand how these resources and cause your application to behave insecurely
    — Memory
    — Network
    — Files
    — Registry
  • Simulate dependency failures in your application’s environment using Fault Injection tools

Hands-On Lab:
Attack 1 – Block Access to Libraries

Chapter 5: Attacking through the User Interface
The application’s User Interface is the most common place to find vulnerabilities that are most commonly attacked, and we’ll discuss how to do so.

  • Learn about
    — SQL injection
    — Buffer overflows
    — Escape characters
    — Executable data
    — And other dangerous vulnerabilities that can’t be missed
  • Discuss the most common security vulnerability in software and how to test for it
  • Learn techniques to expose security vulnerabilities in your software through the user interface

Hands-On Labs:
Attack 2 – Manipulate Registry
Attack 3 – File Corruption Lab
Attack 4 – Replace File the Application Uses Lab

Chapter 6: Attacking Design
The Software Design introduces many holes to your application because it is such a subjective process. Therefore, you must think differently about how the application was designed. You need to think like an attacker, which goes beyond what the software “does” and examines what functionality can manifest in security vulnerabilities at a later point - discovering functionality the application “shouldn’t” have.

  • Learn seven testing techniques to expose vulnerabilities that can creep into an application at the design stage
  • Understand why legacy code can create huge security holes
  • Learn how inappropriate uses of temporary files and the registry can be manipulated to force insecure behavior

Hands-On Labs:
Attack 5 – Holodeck vs Joe’s eatmem.exe
Attack 6 – Buffer Overflows
Attack 7 – AUX bug Lab
Attack 8 – SQL injection

Chapter 7: Attacking Implementation
The implementation phase of the SDLC is where you are most likely to encounter security vulnerabilities - largely because each developer may not have the training or the vision to write secure code.

  • Learn four techniques that can expose vulnerabilities due to implementation errors
  • Learn about how timing related vulnerabilities work and how to expose them during testing.

Hands-On Labs:
Attack 9 – Connection to All Ports Demo & Lab
Attack 10 – Fake the Source of Data
Attack 11 – Create Loop Conditions
Attack 12 – Exploring possible ways to accomplish the same task
Attack 13 – Forcing applications to use default values
Attack 14 – Finding and dealing with delay verification
Attack 15 – Removing application assumptions
Attack 16 – Removing sensitive information from error messages
Attack 17 – Temporary Files


ASPE logo

Courses >> Homepage >> About ASPE >> Site Map >> Curriculum Areas >> Free Technical Offers >> Free Web Seminars >> Custom Training >> Business Analyst Training >> Requirements Training >> Project Management Training >> Agile Training >> Software Testing Training >> Microsoft Training >> Red Hat Training >> Application Development Training >> Business Intelligence Training >> Java Training >> Virtualization Training >> Enterprise Architecture Training >> Networking Training >> Security Training

Toll Free: (877) 800-5221 • Fax: (919) 816-1710
ASPE • 114 Edinburgh South Dr. - Suite 104 • P.O. Box 5488 • Cary, NC 27511