
InDepth Assessment Techniques

From OWASP
Revision as of 10:11, 20 September 2009 by Puneetm (talk | contribs)


In-depth Assessment Techniques: Design, Code, and Runtime

Course: In-depth Assessment Techniques: Design, Code, and Runtime
Course ID: SB1DIAT
Instructor: Pravir Chandra
CPE Credits: 7 CPEs
Duration: 1 Day
Date: November 20th, 2009 (9 AM – 6 PM)

Who should attend?
• Anyone who is interested in advancing their software assessment skills
• Security Architects & Consultants wanting to learn advanced secure design concepts
• Team leads and developers interested in learning more about design reviews, code reviews and runtime code analysis
• Penetration Testers and security testers

Class Prerequisites:
• The tutorial has a primary focus on intermediate/advanced assessment and testing concepts for architects and developers.
• Prior experience in Penetration testing or software security assessment preferred.

Class Requirement: No laptop required.

Course Description:

This tutorial is targeted at those wanting to enhance their software assessment skills. Specifically, the tutorial teaches attendees techniques for design analysis, code review, and penetration testing that uncover a wide variety of vulnerabilities and weaknesses in applications. If you have pre-existing skills and want to learn more, then this course is perfect. The tutorial will generally focus on web applications, but most of the information applies to software of any type. In addition, attendees will learn general methods for protecting against the security issues uncovered by each assessment technique.

The tutorial topics include:
• System decomposition for analysis
• Lightweight threat/risk modeling
• Identifying interfaces/attack surface
• Testing business logic and edge cases
• Assessing for provision of security mechanisms
• Assessing for key vulnerability classes
• Risk classification and weighting
• Root cause analysis and patching

The tutorial has a primary focus on intermediate/advanced assessment and testing concepts for architects and developers. Automated security assessment tools will be discussed in context, but not demoed.