CMDBID: 74694 | Course Code: QATTSR | Duration: 2 Days
This course aims to teach delegates the various tools, techniques and procedures for identifying and researching vulnerabilities in open and closed source applications which often go undetected by vulnerability scanners.
This course is aimed at security professionals, penetration testers, researchers, developers and anyone who wishes to learn how to identify and research unknown vulnerabilities in both web and system applications.
The limitations of generic vulnerability scanners
The different types of vulnerabilities
How to find and use relevant documentation useful to testing
How to identify inputs in applications for testing
How to review source code for vulnerabilities
How to use debuggers and disassemblers to identify possible vulnerabilities
How to use interception proxies
How to use packet analysis tools
How to test inputs using educated guesswork
How to fuzz applications for vulnerabilities
Experience with the Linux command line is advantageous; however, it is not essential, as the instructor will guide the delegates through each task.
Module 1 - Application analysis
This module helps delegates understand the ways in which inputs in applications can be identified using online resources, static analysis and tools such as interception proxies, packet analysis tools and debuggers.
This module covers the following subjects:
How to use online resources to identify useful information for testing
How to identify inputs to applications
How to perform static analysis of source code
How to analyse applications using open source tools
Module 2 - Finding applications for vulnerabilities
This module helps delegates understand the various methods and techniques for testing applications for unknown vulnerabilities once those applications have been analysed.
How to test applications for vulnerabilities using educated guesswork
How to test web applications using ZAP
How to fuzz web applications for vulnerabilities
How to fuzz system applications for vulnerabilities
Delegates will be able to understand the process and methods used to analyse applications for unknown vulnerabilities. Delegates will gain experience analysing both open and closed source applications using various tools and techniques, allowing them to identify potential inputs to applications and test those inputs for vulnerabilities.
Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.