Security testing
Online video training with homework and teacher support
4 weeks to master an in-demand skill
32 vulnerable pages to explore
17 effective methods of vulnerability search

Security testing is in demand
50% of Senior QA vacancies include security testing
90% of QA specialists are interested in pentesting
80% of them think it's too complicated
Security testing
You are an experienced QA engineer but have never tested security? Maybe you think it's complicated and only for the smartest? Or have you simply run out of ideas for testing your app?

It seems it's time to finally master security testing. It is not as hard as it may seem: you need to grasp the basic principles of how applications are built and learn the methods for finding the most common vulnerabilities. Then you just need enough practice to apply that testing on your own project.

There is no need to spend your time on hacking courses: real hackers take years to hone their skills. A QA engineer, on the other hand, needs much less knowledge, and we give you that knowledge during the course.

This course is full of practice. You get only the theoretical knowledge you really need for successful security testing. We developed a sandbox site for our students that demonstrates every vulnerability, and plenty of homework lets them consolidate what they learn.

Join us, and in only 4 weeks you will be able to:

  • Find vulnerabilities in complex forms such as registration and authorization forms
  • Work with HTML, JS and XSS injections
  • Search for SQL injection in various kinds of queries
  • Scan for backdoors and shell injections
  • Use social engineering
  • Choose scanners for automated checks
  • Be sure your users are safe when using your application
Here is a video from the course
Curriculum
Introduction
  • what is a vulnerability
  • vulnerability vs. bug
  • danger of vulnerabilities
  • what is an exploit
Examples of logical vulnerabilities
  • changing another user's password; the user token
  • unauthorized access to users' content
  • data and dataset validation
Brute Force
  • what is a Brute Force
  • how captcha works and should be tested
  • password dictionaries
Code injection using HTML-injection as an example
  • what is a code injection
  • the danger of code injections on your project
  • examples of simple HTML-injections
  • the ways to avoid HTML-injections
Complex HTML-injection
  • how a web application works
  • value and data attributes in HTML
  • the most dangerous way to use HTML-injection on your site
  • an example of how to find and use complex HTML-injection
JavaScript-injection
  • where to look for JavaScript-injection
  • how a JavaScript-injection could be used
  • an example of a JavaScript-injection
XSS attack
  • what is XSS and what is the difference between JavaScript-injection and XSS?
  • how hackers use XSS to attack your users
  • what is self-XSS
  • examples of XSS attacks
  • how authorization works; dealing with auth cookies and XSS
CSRF - Cross Site Request Forgery
  • what is CSRF
  • what is a user token
  • how CSRF attack works
  • an example of CSRF attack
SQL-injection (part I)
  • what is a SQL-injection
  • when and how you should check for SQL-injections
  • the danger of SQL-injections
  • an example of SQL-injection via GET HTTP-request
SQL-injection (part II)
  • a complex example of SQL injection for a POST-request - authorization without a password
  • what is a blind SQL-injection, and how to scan and search for it
  • using comments in SQL and changing the logic of the query
SQL-injection (part III)
  • an example of SQL-injection while inserting user data
  • researching a server response
  • an example of a blind SQL-injection and sleep() function
Scan code for backdoors
  • what is shell capture
  • why shell capture is dangerous
  • how shell capture occurs and what exec-like functions are
  • full path disclosure
  • how to scan and search for backdoors and exec-like functions in your application's code
Uploading a malicious file to the server
  • how user files are transferred to the server
  • how to bypass data validation
  • why an executable file on the server is dangerous
  • an example of file uploading
Advanced techniques
  • how web application security scanners work
  • what is social engineering and how to protect yourself from it
  • what is a Bug Bounty program
What's the flow
1. Videos: this course is 4 weeks long. Every week the students get videos for a topic in our LMS.
2. Homework: every module has a homework block. Estimated time is 2-3 hours for each homework.
3. Feedback: the teacher looks through every answer and gives comments on your work. Questions are discussed in the group chat.
4. Certificate: everyone who makes it to the end with all homework done gets a certificate.
Technical requirements
  • OS: Windows 7 or 10, or macOS Mojave+, or Ubuntu 16.04+
  • CPU: Intel i-series (i3, i5, i7) or AMD equivalent
  • RAM: Minimum 4 GB
  • HDD: 1 GB
  • Monitor: Minimum resolution 1280 x 800
Course price: $150
Certificate of participation
At the end of the course, all participants who completed their homework successfully will receive a certificate of participation.