This course describes how to get started with security testing, introducing foundational security testing concepts and showing you how to apply them with free and commercial tools and resources. Offering a practical risk-based approach, the instructor discusses why security testing is important, how to use security risk information to improve your test strategy, and how to add security testing into your software development lifecycle.

  • This course is appropriate for software development and testing professionals who want to begin doing security testing as part of their assurance activities. Test and development managers will benefit from this course as well.


  • A background in basic software testing principles is required, and a working knowledge of system testing and quality assurance fundamentals is assumed, but no specific technical background is required.


  • Learn how testing professionals can effectively security test software.
  • Discover how applications are developed and tested with security in mind.
  • Learn how to use security requirements to plan your testing efforts.
  • Explore key aspects of security testing: web security, threat modeling, and risk assessment.
  • Examine technical and team skills you need for success.
  • Learn to use common security testing tools for a variety of testing purposes.


  • Introduction to Security Testing.
  • History of information security.
  • The software security problem.
  • Understanding risk.
  • Security testing approaches.
  • Security testing framework.
  • Security Testing Prior to Development.
  • Security policy and standards.
  • Secure software development process.
  • Security Testing During Definition and Design.
  • Security requirements.
  • Architecture and design reviews.
  • Threat modeling.
  • Security test planning.
  • Security Testing During Implementation.
  • Secure code review.
  • Security testing features and functions.
  • Security testing interfaces and exceptions.
  • Understanding and Testing Security Controls.
  • Authentication and access control.
  • Input validation and encoding.
  • Encryption.
  • User and session management.
  • Error and exception handling.
  • Audit and logging.
  • Security Test Tools.
  • Workshop.