Security Testing Learning

I am (finally) working on developing an online security testing course.

This won’t instantly turn everyone into penetration testers, but will, I hope, start to enable, enthuse and develop our exploratory testing skills to include security more and more.

I know what I would want to produce in terms of content; however, are there any specific areas of learning or interest that potential learners might want me to cover?

Cheers,
Dan

6 Likes

Security testing is pretty broad so if you are asking people like what to cover, could you tell us a bit more about what you had in mind? Are you going to focus on Web Application Security Testing or Network, Phishing, Bounty hunting or perhaps risk assessment / ISOs?

If you are asking for anything I would love to see some War Dialing & Database security scanning :slight_smile:

2 Likes

Ahh…good point…it’ll be web to start with, and then broaden out from there.

1 Like

I just wanted to say ooooooooooooooooooo exciting :smiley:

2 Likes

Please please please, can you include suggestions on how to reproduce errors for attracting attention? I mean sometimes I recognize the problem, I test the thing, also fix it but then I do not find an understandable way to say: “look this was dangerous, we are safer now!”.

1 Like

Can you be a bit more specific on what you mean by ‘attracting attention’? I’m not sure what this means in your context.

1 Like

I mean demonstrating the value of your test by demonstrating the risk the business would incur by not solving the issue.
For example, if your test reproduces the exploit of an IDOR, how should I report it to make clear its priority? Should I state the risks? Should I show a video in which I access a resource I should not be able to access with my permissions? Should I demo it to business and developers?

2 Likes

Perhaps something around how testers can be involved in, or even set up, threat modelling exercises

2 Likes

This will definitely be part of it

3 Likes

Yes! This would be great, I understand the concept but I’ve never actually taken part!

1 Like

How about a live threat modelling? @heather_reid is this something we could organise? It’ll be more effective than a course, of which there are many

3 Likes

Certainly potential :slight_smile: Pop a proposal through to myself and @mwinteringham and we’ll chat about it.

1 Like

@danielbilling how is it going? Is there a table of contents available? :smiley:

++ excited ++

1 Like

I’ve been working on this as part of the 99 Minute Workshop Instructors course. It seems to be the best way forward.

3 Likes