Security testing

Security testing is one of the most interesting topics in the entire testing profession. This is where knowledge of testing theory, application behavior, human psychology and common computer errors intersect.

This theme is most popular for web applications. Why?

• Web applications are designed for mass use, so malfunctions caused by an attacker can have a negative impact on a large number of innocent users.
• 
  
• Web applications can store confidential information, the leakage of this data can have very serious consequences.
• 
  
• A web application has access to many “untrusted” users, while the owners or application developers generally cannot control or restrict their actions.
• 
  
• Information exchange between the browser and the server occurs over open channels using open protocols, so it is difficult to control the data transmitted by clients.< br>
• Web application development is not always carried out with due attention to ensuring security and reliability, because time to develop a product for the market is more important than quality.

Naturally, errors can occur not only in the web applications themselves. The vulnerability may be in the web server, operating system, mail system, or ftp client. But the task of creating a secure environment is largely the responsibility of system administrators, but the security of a web application is entirely on the conscience of its developers and testers.

During the training, we will look at simple ways to search for vulnerabilities that do not require special knowledge, as well as more complex and complex tasks, when testing which you will have to delve deeper into the operation schemes of applications.