Security Testing Learning

danielbilling · 25 February 2021 11:45

I am (finally) working on developing an online security testing course.

This won’t instantly turn everyone into penetration testers, but will, I hope, start to enable, enthuse and develop our exploratory testing skills to include security more and more.

I know what I would want to produce in terms of content, however are there any specific areas of learning or interest that potential learners might want me to cover?

Cheers,
Dan

kristof · 25 February 2021 15:02

Security testing is pretty broad so if you are asking people like what to cover, could you tell us a bit more about what you had in mind? Are you going to focus on Web Application Security Testing or Network, Phising, Bounty hunting or perhaps risk assessment / ISO’s?

If you are asking for anything I would love to see some War Dialing & Database security scanning

danielbilling · 25 February 2021 15:21

Ahh…good point…it’ll be web to start with, and then broaden out from there.

meowy24 · 25 February 2021 16:04

I just wanted to say ooooooooooooooooooo exciting

testthisout · 3 March 2021 09:35

Please please please, can you include suggestions on how to reproduce errors for attracting attention? I mean sometimes I recognize the problem, I test the thing, also fix it but then I do not find an understandable way to say: “look this was dangerous, we are safer now!”.

danielbilling · 3 March 2021 11:10

Can you be a bit more specific on what you mean by ‘attracting attention’? I’m not sure what this means in your context.

testthisout · 3 March 2021 11:55

I mean demonstrating the value of your test by demonstrating the risk the business would incur by not solving the issue.
For example, if your test reproduces the exploit of an IDOR, how should I report it to make clear its priority? Should I state the risks? Should I show a video in which I access a resource I should not be able to access with my permissions? Should I demo it to business and developers?

claire.reckless · 3 March 2021 16:44

Perhaps something around how testers can be involved in , or even set up, threat modelling exercises

danielbilling · 3 March 2021 16:48

This will definitely be part of it

fullsnacktester · 3 March 2021 22:29

Yes! This would be great, I understand the concept but I’ve never actually taken part!

danielbilling · 4 March 2021 09:56

How about a live threat modelling? @heather_reid is this something we could organise? It’ll be more effective than a course, of which there are many

heather_reid · 4 March 2021 18:04

Certainly potential Pop a proposal through to myself and @mwinteringham and we’ll chat about it.

kristof · 11 June 2021 07:51

@danielbilling how is it going? Is there a table of content available?

++ excited ++

danielbilling · 11 June 2021 08:17

I’ve been working on this as part of the 99 Minute Workshop Instructors course. It seems to be the best way forward.

Topic		Replies	Views
Security testing online tutorial thing Discussions security , training	8	4423	17 April 2025
Discussion: Security Testing 🗓️ Events security , panel , discussions	4	982	3 May 2023
Small video tips/ideas on Security Content? Archive tools , learning , automation , security	1	342	11 June 2021
Testing Ask Me Anything – Security Testing with Saskia Coplans 🗓️ Events ask-me-anything , security , career-development	2	11092	4 November 2021
Tutorials for ZAP? Archive security	10	3874	11 June 2018

Security Testing Learning

Related topics