Learning Path

Software Security Testing

Learn industry standards to perform assessments for secure technologies.

What you will learn

This learning path teaches you the necessary security testing skills to conduct professional security assessments in various approaches. As you progress through the course, you will learn the core tenets of software security, build up your own personal security testing lab environment, identify and exploit vulnerabilities, break contemporary security systems, utilize world-famous tools and approaches and confidently communicate findings to all stakeholders. Upon completion, you will have the foundational knowledge and skills to carry out multiple types of security assessments, including penetration testing, security auditing and code analysis.

Syllabus

Introduction to Software Security Testing

Course — 00:22:24

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0609, K0610, K0624, S0014, S0073, S0078, S0174

Setting up a test environment is an essential step in becoming a professional software security tester. This course sets up Kali Linux, a Debian-derived Linux distribution designed for digital forensics and penetration testing.

Important software security testing terminology

Course — 00:21:31

K0004, K0005, K0006, K0009, K0059, K0070, K0090, K0147, K0290, K0412, K0415, K0436, K0609, K0610, K0624, S0014, S0078, S0174

It is vitally important to learn and adopt critical terminology and vocabulary. This course will highlight some essential concepts that you need to know in software security testing.

Methodologies and standards

Course — 00:14:34

K0001, K0004, K0005, K0006, K0009, K0054, K0059, K0070, K0075, K0087, K0090, K0147, K0154, K0260, K0261, K0262, K0290, K0377, K0624, S0014, S0078, S0174

In this course, we will explore essential testing methodologies and standards that software security testers use regularly.

Software testing as a process

Course — 00:29:41

K0004, K0005, K0006, K0009, K0043, K0070, K0075, K0087, K0090, K0147, K0290, K0624, S0014, S0078, S0174

Continuous learning and improvement are essential to staying relevant. Software security testing is similar to chess: easy to learn but hard to master. In this course, we will explore software testing as a process.

The HTTP protocol

Course — 00:46:12

K0001, K0004, K0005, K0006, K0009, K0059, K0075, K0080, K0090, K0147, K0220, K0221, K0290, K0332, K0624

HTTP (HyperText Transfer Protocol) is the underlying protocol of the web. This course explores the foundations of HTTP and its importance to software security.

Introduction to encoding

Course — 00:16:43

K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0140, K0147, K0290, K0624, S0014, S0078, S0095, S0174

In this course, we will learn how to identify different encoding algorithms and decode them.

Information gathering

Course — 01:23:02

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0315, K0408, K0624, S0014, S0078, S0174

Information gathering uses two kinds of methods: active and passive reconnaissance. You will learn the main differences between them and how to use both techniques to your advantage.

Configuration and management testing

Course — 00:20:56

K0004, K0005, K0006, K0009, K0059, K0070, K0073, K0075, K0090, K0275, K0290, K0624, S0014, S0078, S0153, S0174

In this course, we will learn about configuration and management testing. It takes only a single vulnerability to undermine the entire infrastructure’s security, and even small and seemingly unimportant problems may evolve into severe risks for another application on the same server.

Identity management testing

Course — 00:14:31

K0004, K0005, K0006, K0007, K0009, K0056, K0059, K0065, K0070, K0075, K0090, K0158, K0290, K0624, S0014, S0031, S0078, S0174

This course will explore identity and access management as one of the most critical provisions for IT departments.

Authentication testing

Course — 00:12:48

K0004, K0005, K0006, K0007, K0009, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367

In this course, we will explore authentication and different vulnerabilities in the implementation.

Authorization testing

Course — 00:22:06

K0004, K0005, K0006, K0007, K0009, K0037, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367

Testing for authorization means understanding how the authorization process works and using that information to circumvent the authorization mechanism. In this course, we will learn about authorization and various vulnerabilities in the implementation.

Session management testing

Course — 00:29:12

K0004, K0005, K0006, K0009, K0059, K0061, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174

In this course, we will explore some of the misconfigurations and vulnerabilities in session management.

Input validation testing

Course — 00:39:45

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0160, K0290, K0624, S0014, S0019, S0078, S0174

In this course, we will explore data validation vulnerabilities and mitigation.

Error handling

Course — 00:12:48

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0019, S0078, S0174

In this course, we will explore error handling vulnerabilities and mitigation.

Cryptography

Course — 00:14:54

K0004, K0005, K0006, K0009, K0018, K0019, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0308, K0624, S0014, S0073

Cryptography is closely tied to modern electronic communication. This course teaches you about cryptography and the weak cryptographic algorithms that should be avoided when developing software.

Business logic testing

Course — 00:14:27

K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0146, K0147, K0403, S0014, S0078, S0174, S0354

Testing for business logic flaws in a multi-functional dynamic application requires thinking in unconventional ways. This course will teach you about the importance of business logic testing while helping you to think creatively.

Client-side testing

Course — 00:32:57

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0077, K0090, K0147, K0286, K0290, K0444, K0624, S0014, S0078, S0174

Client-side testing refers to any type of testing that occurs in the user’s browser. This course will explore testing mechanisms for client-side vulnerabilities and ways to mitigate and reduce impact.

Software security testing project

Course — 02:18:37

K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174

Test your knowledge of software security testing with this project.

Software Security Testing Skill Assessment

Assessment — 88 questions — 00:44:00

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space, so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription, so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid, concentrated learning environment. This rapid, concentrated learning positions our employees for success.

Infosec Skills Teams client