Skip to main content

Top 10 Web Threats for QA

By popular demand, CyResLab has developed a version of the "Top 10 Web Threats" course for QA specialists. The course shifts focus from secure coding and programming countermeasures to security defect detection and analysis (a.k.a. triage), as well as the tools that are needed to master this process.

Introduction to the CERT Resilience Management Model

This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.1. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk.

Introduction to practical cryptography

The “Introduction to practical cryptography for software specialists” course will provide you with the necessary, but quite commonly overlooked foundations, of information security, and in particular, cryptography. Together, we will examine different cryptographic primitives along with strategies on where and how to apply them. Moreover, this course will provide you with a strong foundation on symmetric and asymmetric cryptography, cryptographic hashes and establish the baseline on their proper application and combination.

Cyber Security and Business Resilience

This is a 2-day course on how to manage operational risk, stay productive under stress and disruption, assess and improve our readiness to ‘handle the unknown’. Based on the new Resilience Management Model of CERT at the Software Engineering Institute (CERT/SEI, Carnegie Mellon University) - a comprehensive and complete reference model and framework helping organizations maintain security, IT operations and business continuity in a converged manner and without additional bureaucratic burden.

Client-side Web Crypto

With the introduction of wide-ranging and impactful legislation and requirements for privacy and data security (like GDPR), a radical, yet powerful cryptography-based solution is gaining traction and relevance. The “Untrusted Server” model assumes the Web application backend will never have access to customers’ data in plaintext, thereby negating almost all impact of data breaches – as the server is unable decrypt users’ data, so is the attacker.

Top 10 Web Threats

Various sources identify that between 20% and 60% of websites have each at least one serious vulnerability. A serious issue is the diversity of threats on Web platforms – different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc.