What you will learn
This learning path teaches you the security testing skills needed to conduct professional security assessments using a variety of approaches. As you progress through the course, you will learn the core tenets of software security, build up your own personal security testing lab environment, identify and exploit vulnerabilities, break contemporary security systems, utilize world-famous tools and approaches and confidently communicate findings to all stakeholders. Upon completion, you will have the foundational knowledge and skills to carry out multiple types of security assessments, including penetration testing, security auditing and code analysis.
Syllabus
Introduction to Software Security Testing
Course — 00:22:24
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0609, K0610, K0624, S0014, S0073, S0078, S0174
Environment setup is an essential step in becoming a professional software security tester. This course will set up Kali Linux, a Debian-derived Linux distribution designed for digital forensics and penetration testing.
Important software security testing terminology
Course — 00:21:31
K0004, K0005, K0006, K0009, K0059, K0070, K0090, K0147, K0290, K0412, K0415, K0436, K0609, K0610, K0624, S0014, S0078, S0174
It is vitally important to learn and adopt critical terminology and vocabulary. This course will highlight some essential concepts that you need to know in software security testing.
Methodologies and standards
Course — 00:14:34
K0001, K0004, K0005, K0006, K0009, K0054, K0059, K0070, K0075, K0087, K0090, K0147, K0154, K0260, K0261, K0262, K0290, K0377, K0624, S0014, S0078, S0174
In this course, we will explore essential testing methodologies and standards that software security testers use regularly.
Software testing as a process
Course — 00:29:41
K0004, K0005, K0006, K0009, K0043, K0070, K0075, K0087, K0090, K0147, K0290, K0624, S0014, S0078, S0174
Continuous learning and improvement are essential to staying relevant. Software security testing is similar to chess: easy to learn but hard to master. In this course, we will explore software testing as a process.
The HTTP protocol
Course — 00:46:12
K0001, K0004, K0005, K0006, K0009, K0059, K0075, K0080, K0090, K0147, K0220, K0221, K0290, K0332, K0624
HTTP (HyperText Transfer Protocol) is the underlying protocol of the web. This course will explore the foundations of the HTTP protocol and its importance to software security.
Introduction to encoding
Course — 00:16:43
K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0140, K0147, K0290, K0624, S0014, S0078, S0095, S0174
In this course, we will learn how to identify different encoding algorithms and decode them.
Information gathering
Course — 01:23:02
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0315, K0408, K0624, S0014, S0078, S0174
There are two types of methods used during information gathering: active and passive reconnaissance. You will learn the main differences and how to use both techniques to your advantage.
Configuration and management testing
Course — 00:20:56
K0004, K0005, K0006, K0009, K0059, K0070, K0073, K0075, K0090, K0275, K0290, K0624, S0014, S0078, S0153, S0174
In this course, we will learn about configuration and management testing. It takes only a single vulnerability to undermine the entire infrastructure’s security, and even small and seemingly unimportant problems may evolve into severe risks for another application on the same server.
Identity management testing
Course — 00:14:31
K0004, K0005, K0006, K0007, K0009, K0056, K0059, K0065, K0070, K0075, K0090, K0158, K0290, K0624, S0014, S0031, S0078, S0174
This course will explore identity and access management as one of the most critical provisions for IT departments.
Authentication testing
Course — 00:12:48
K0004, K0005, K0006, K0007, K0009, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367
In this course, we will explore authentication and different vulnerabilities in the implementation.
Authorization testing
Course — 00:22:06
K0004, K0005, K0006, K0007, K0009, K0037, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0336, K0487, K0624, S0014, S0078, S0174, S0367
Testing for authorization means understanding how the authorization process works and using that information to circumvent the authorization mechanism. In this course, we will learn about authorization and various vulnerabilities in the implementation.
Session management testing
Course — 00:29:12
K0004, K0005, K0006, K0009, K0059, K0061, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174
In this course, we will explore some of the misconfigurations and vulnerabilities in session management.
Input validation testing
Course — 00:39:45
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0160, K0290, K0624, S0014, S0019, S0078, S0174
In this course, we will explore data validation vulnerabilities and mitigation.
Error handling
Course — 00:12:48
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0019, S0078, S0174
In this course, we will explore error handling vulnerabilities and mitigation.
Cryptography
Course — 00:14:54
K0004, K0005, K0006, K0009, K0018, K0019, K0044, K0059, K0070, K0075, K0090, K0147, K0290, K0308, K0624, S0014, S0073
Cryptography appears to be closely linked to modern electronic communication. This course will teach you about cryptography and weak cryptographic algorithms that should be avoided while developing software.
Business logic testing
Course — 00:14:27
K0004, K0005, K0006, K0009, K0059, K0068, K0070, K0075, K0090, K0146, K0147, K0403, S0014, S0078, S0174, S0354
Testing for business logic flaws in a multi-functional dynamic application requires thinking in unconventional ways. This course will teach you about the importance of business logic testing while helping you to think creatively.
Client-side testing
Course — 00:32:57
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0077, K0090, K0147, K0286, K0290, K0444, K0624, S0014, S0078, S0174
Client-side testing refers to any type of testing that occurs in the user’s browser. This course will explore testing mechanisms for client-side vulnerabilities and ways to mitigate and reduce impact.
Software security testing project
Course — 02:18:37
K0004, K0005, K0006, K0009, K0059, K0070, K0075, K0090, K0147, K0290, K0624, S0014, S0078, S0174
Test your knowledge of software security testing with this project.
Software Security Testing Skill Assessment
Assessment — 88 questions — 00:44:00
The details
How to claim CPEs
Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.
Associated NICE Work Roles
All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.
- All-Source Analyst
- Mission Assessment Specialist
- Exploitation Analyst
No software. No set up. Unlimited access.
Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing
Infosec Skills Personal
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
- Team administration and reporting
- Dedicated client success manager
- Single sign-on (SSO): Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
- Integrations via API: Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments
You're in good company
We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.
Caleb Yankus
This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.
Daniel Simpson
We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.
Infosec Skills Teams client