Learning Path

Software Security Testing

    Syllabus

  • Identity management testing Course — 00:14:31
    • K0004, K0005, K0006, K0007, K0009, K0056, K0059, K0065, K0070, K0075, K0090, K0158, K0290, K0624, S0014, S0031, S0078, S0174

      This course will explore identity and access management as one of the most critical provisions for IT departments.

  • Information gathering Course — 01:23:02
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0315, K0408, K0624, S0014, S0078, S0174

      There are two types of methods used during information gathering: active and passive reconnaissance. You will learn the main differences and how to use both techniques to your advantage.

  • The HTTP protocol Course — 00:46:12
    • HTTP (HyperText Transfer Protocol) is the underlying protocol of the web. This course will explore the foundations of the HTTP protocol and its importance to software security.

  • Methodologies and standards Course — 00:14:34
    • K0001, K0004, K0005, K0006, K0009, K0054, K0059, K0070, K0075, K0087, K0090, K0147, K0154, K0260, K0261, K0262, K0290, K0377, K0624, S0014, S0078, S0174

      In this course, we will explore essential testing methodologies and standards that software security testers use regularly.

  • Client-side testing reports Course — 00:39:56
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0077, K0090, K0147, K0286, K0290, K0315, K0354, K0444, K0451, K0624, S0014, S0037, S0078, S0174

      The cornerstone of a successful penetration test lies in the technical expert’s capacity to administer the test and in how well the importance of its results is communicated. This course will help you learn crucial components of a software security testing report.

  • Introduction to Software Security Testing Course — 00:12:24
    • K0004, K0005, K0006, K0009, K0059, K0070, K0147, K0290, K0609, K0610, K0624, K0090, K0075, S0014, S0073, S0078, S0174

      Environment setup is an essential process for becoming a professional software security tester. This course will set up Kali Linux, a Debian-derived Linux distribution designed for digital forensics and penetration testing.

  • Business logic testing Course — 00:14:27
    • K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0146, K0147, K0403, S0014, S0078, S0174, S0354

      Testing for business logic flaws in a multi-functional dynamic application requires thinking in unconventional ways. This course will teach you about the importance of business logic testing while helping you to think creatively.

  • Error handling Course — 00:12:48
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0019, S0078, S0174

      In this course, we will explore error handling vulnerabilities and mitigation.

  • Session management testing Course — 00:29:12
    • K0004, K0005, K0006, K0009, K0059, K0061, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174

      In this course, we will explore some of the misconfigurations and vulnerabilities in session management.

  • Authentication testing Course — 00:12:48
    • K0004, K0005, K0006, K0007, K0009, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367

      In this course, we will explore authentication and different vulnerabilities in the implementation.

  • Configuration and management testing Course — 00:20:56
    • K0004, K0005, K0006, K0009, K0059, K0070, K0073, K0075, K0090, K0275, K0290, K0624, S0014, S0078, S0153, S0174

      In this course, we will learn about configuration and management testing. It takes only a single vulnerability to undermine the entire infrastructure’s security, and even small and seemingly unimportant problems may evolve into severe risks for another application on the same server.

  • Introduction to encoding Course — 00:16:43
    • K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0140, K0147, K0290, K0624, S0014, S0078, S0095, S0174

      In this course, we will learn how to identify different encoding algorithms and decode them.

  • Software testing as a process Course — 00:29:41
    • K0004, K0005, K0006, K0009, K0043, K0070, K0075, K0087, K0090, K0147, K0290, K0624, S0014, S0078, S0174

      Continuous learning and improvement are essential to staying relevant. Software security testing is similar to chess: easy to learn but hard to master. In this course, we will explore software testing as a process.

  • Software security testing project Course — 00:07:37
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174

      Test your knowledge of software security testing with this project.

  • Important software security testing terminology Course — 00:21:31
    • K0004, K0005, K0006, K0009, K0059, K0070, K0090, K0147, K0290, K0412, K0415, K0436, K0609, K0610, K0624, S0014, S0078, S0174

      It is vitally important to learn and adopt critical terminology and vocabulary. This course will highlight some essential concepts that you need to know in software security testing.

  • Client-side testing Course — 00:32:57
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0077, K0090, K0147, K0286, K0290, K0444, K0624, S0014, S0078, S0174

      Client-side testing refers to any type of testing that occurs in the user’s browser. This course will explore testing mechanisms for client-side vulnerabilities and ways to mitigate and reduce impact.

  • Cryptography Course — 00:14:54
    • K0004, K0005, K0006, K0009, K0018, K0019, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0308, K0624, S0014, S0073

      Cryptography appears to be closely linked to modern electronic communication. This course will teach you about cryptography and weak cryptographic algorithms that should be avoided while developing software.

  • Input validation testing Course — 00:39:45
    • K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0160, K0290, K0624, S0014, S0019, S0078, S0174

      In this course, we will explore data validation vulnerabilities and mitigation.

  • Authorization testing Course — 00:22:06
    • K0004, K0005, K0006, K0007, K0009, K0037, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367

      Testing for authorization means understanding how the authorization process works and using that information to circumvent the authorization mechanism. In this course, we will learn about authorization and various vulnerabilities in the implementation.

  • Software Security Testing Skill Assessment Assessment — 00:44:00

What you will learn

This learning path teaches you the security testing skills needed to conduct professional security assessments using various approaches. As you progress through the course, you will learn the core tenets of software security, build up your own personal security testing lab environment, identify and exploit vulnerabilities, break contemporary security systems, utilize world-famous tools and approaches and confidently communicate findings to all stakeholders. Upon completion, you will have the foundational knowledge and skills to carry out multiple types of security assessments, including penetration testing, security auditing and code analysis.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client