About this course

Tech type Premium
Course code QATTSR
Duration 2 Days

This course teaches delegates the tools, techniques and procedures for identifying and researching vulnerabilities, in both open and closed source applications, that often go undetected by vulnerability scanners.

Audience

This course is aimed at security professionals, penetration testers, researchers, developers and anyone who wishes to learn how to identify and research unknown vulnerabilities in both web and system applications.

Prerequisites

Experience with the Linux command line is advantageous but not essential, as the instructor will guide delegates through each task.

Delegates will learn

  • The limitations of generic vulnerability scanners
  • The different types of vulnerabilities
  • How to find and use relevant documentation useful to testing
  • How to identify inputs in applications for testing
  • How to review source code for vulnerabilities
  • How to use debuggers and disassemblers to identify possible vulnerabilities
  • How to use interception proxies
  • How to use packet analysis tools
  • How to test inputs using educated guess work
  • How to fuzz applications for vulnerabilities

Outline

Module 1 - Application analysis

This module helps delegates understand the ways in which inputs in applications can be identified using online resources, static analysis and tools such as interception proxies, packet analysis tools and debuggers.

This module covers the following subjects:

  • How to use online resources to identify useful information for testing
  • How to identify inputs to applications
  • How to perform static analysis of source code
  • How to analyse applications using open source tools

Module 2 - Finding applications for vulnerabilities

This module helps delegates understand the various methods and techniques for testing applications for unknown vulnerabilities after analysing applications.

This module covers the following subjects:

  • How to test applications for vulnerabilities using educated guess work
  • How to test web applications using ZAP
  • How to fuzz web applications for vulnerabilities
  • How to fuzz system applications for vulnerabilities

Learning outcomes

Delegates will be able to understand the process and methods used to analyse applications for unknown vulnerabilities. Delegates will gain experience analysing both open and closed source applications using various tools and techniques, allowing them to identify potential inputs to applications and test those inputs for vulnerabilities.

This course is authored by QA

Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.
