advanced · cohort · 4 weeks · 6–8 hrs/week
Security Testing Basics for QA
Threat model lightly, find common web issues responsibly, and hand off findings without drama.
¥88,000 JPY — informational list price
Overview
Ethical scope is explicit: exercises run against provided sandboxes only. You learn OWASP-style thinking tailored to testers who are not full-time pentesters.
What is included
- Scoped reconnaissance habits
- Injection and XSS demos in safe labs
- Session fixation patterns testers can spot
- Secure header spot checks
- Writing findings with severity rationale
- Collaboration notes for developer handoff
- When to stop and call specialists
Outcomes you can evidence
- Run a basic passive scan interpretation session
- Triage scanner noise vs actionable issues
- Document reproducers that legal teams accept
Lead mentor
QA reviewer with application security consulting experience.
FAQ
This is practice-oriented — not an OffSec replacement.
Experience notes
“Security Testing Basics for QA gave our release train a shared vocabulary before external audits — still not pentesters, but less naive.”