Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

Software Security Testing Best Practices

How do you find security flaws beyond simple ones like buffer overflows? Most current software security testing falls into one of two categories: random corruption of files or network protocols, and re-executing existing, known vulnerabilities against new versions of software. In 72 hours you will learn how hackers find subtle and innovative flaws and exploit them; you need a more methodical, creative process to find those flaws before they do. Learn what it takes to do an application security threat assessment of your software before it goes live. You'll develop a comprehensive security test strategy and build a team with the right mix of skills and experience to execute it. Discover approaches for using fault injection to find application security vulnerabilities before your software is exposed to hackers.

Class Fee: $3,990
Time: 72 hrs
Learning Level: Entry
Contact Hours: 40 hr Lecture 32 hr labs
Prerequisites: Understanding of TCP/IP Protocols
Credits: 72 CPE / 3 CEU
Method of Delivery: Residential (100% face-to-face) or Hybrid
Instructor: TBD
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = attendance + labs & quizzes; Fail = attendance below 95%

Sample Job Titles:
Analyst Programmer/Computer Programmer
Configuration Manager
Database Developer/Engineer/Architect
IA Engineer/IA Software Developer
IA Software Engineer/Research & Development Engineer
Secure Software Engineer/Security Engineer
Software Developer/Software Engineer/Architect
Systems Analyst/Web App Developer


This 72-hour accelerated class is taught using a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam; passing the final exam is a requirement for graduation.

Text Materials: SU class handbook, labs, SU resource CDs and attack handouts.

KU Outcomes

Learning Objectives:
Learn how to plan a security testing effort and integrate security testing into your QA process.
Learn about risk assessments, test prioritization and threat modeling.
Acquire the skills to recognize and expose the most insidious security vulnerabilities in your applications.
Discover tools, techniques and processes to make security an integral part of your release process and to create a security-aware culture in your test team.
Learn the many categories of security bugs that may exist in your software and the secrets of application security testing.

Machines: dual-core, 4M RAM, 350 GB drives, running MS OS, Linux, and VMware Workstation.

Tools for class: Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, SuperScan, Nessus, PsTools, Nbtstat, SolarWinds, SAINT, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap (system hacking), Wireshark and other sniffers, tcpdump, dsniff, Metasploit, ISS exploit, web app tools, Core Impact, Snort, Infostego, EtherApe, Firefox with plugins (HackBar, XSS Me, ...), WebGoat, IDA Pro, Wget, Crypto tool, curl, Fortify, Ounce.

Who Should Attend? This is a must-have class for functional testers who need to make the transition to finding security bugs. It is also essential for test managers because it teaches the soup-to-nuts process of security testing and how this type of testing fits into the overall QA process. It is additionally suited to developers, security auditors and anyone involved in software production. Attendees gain the skills and techniques to build a security testing team and expose the most insidious application security vulnerabilities.