Unit 1: Access Control Testing
- Access Control Tests of Networks (External Interface)
- Networks (Internal Interface and DMZ)
- Physical Access Testing
  - Piggybacking
  - Anonymous Entry
  - Break-in
- Wireless Access Testing
- Broad Classes of Testing
  - Black Box or Zero Knowledge Testing
  - Crystal Box or Full Knowledge Testing
  - Grey Box Testing
Unit 2: Security Audit
- Choosing the Standard Against Which to Audit
  - ISO27001
  - PCI-DSS
  - ISACA Standards
  - NIST Guidelines
  - National and Sector-Specific Standards (e.g., RBI Guidelines for Banks in India)
- Auditing Security Policies and Procedures
- Review and Report on IT Landscape
- Defining Scope of Security Audit
- Maintaining Independence and Objectivity in Audit
- Internal and Third-Party Audit
Unit 3: Software Testing
- Static Testing and Dynamic Testing
- Traceability Matrix
- Synthetic Transactions
- Fuzzing or Fuzz Testing
- Specific Testing to Meet Different Purposes
  - Unit Testing
  - Installation Testing
  - Integration Testing
  - Regression Testing
  - Acceptance Testing
  - Alpha and Beta Testing
- Combinatorial Software Testing
Unit 4: Log Analysis
- Identify, Collect, and Retain Logs
- Maintain Integrity of Logs
- Types of Logs
  - Antivirus Logs
  - IDS/IPS Logs
  - Remote Access Logs
  - Web Proxy Generated Logs
  - Logs from Authentication Servers
  - Router Logs and Firewall Logs
- Log Filtering
- Response to Log Alerts
- Transportation, Storage, and Retrieval of Logs
Unit 5: Test Management
- Deciding Objectives of Testing
- Routine vs Ad-Hoc Testing
- Periodicity of Testing and Coverage of Key Areas in the Organization
- Acting on Test Results
- Scheduling the Test
- Selecting Test Participants
- Surprise vs Planned Tests
- Live vs Simulated Tests
- Creating, Using, and Destroying Test Data
- Sanitization of Information for Testing
- Precautions When Using Production Data for Testing