Dobre praktyki wykonywania testów bezpieczeństwa

This course prepares testers and QA personnel to properly plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus provide basic practical skills that can be applied the next working day.

1. Types of security tests and their role in organizational security

• Infrastructure tests
• Application testing in the production process
• Application penetration testing
• APT tests
• Configuration tests

2. Designing security processes

• Responsibilities
• Examples of process construction
• Support tools
• Risk valuations
• The most common problems

3. Infrastructure tests

• Inventory vs. auto-discovery
• Sample tools
• Limiting the number of false positives
• The most common problems

4. Application testing in the production process

• Code Repository Security
• Static code scanning
• Project patterns

5. Application penetration testing

• Criteria for selecting applications for pentesting
• Types of Pentests
• Threat modeling
• Preparing the pentest
• Report evaluation

6. APT (Advanced Persistent Threat) Tests

• Types of APT tests and their goals
• Advantages and disadvantages of APT testing
• Preparing the APT test - what to remember.

7. Configuration tests

• Security standards for technology
• Sample tools