TL;DR: A brand-new hands-on course for Professional Members, Everyday security testing: A practical guide to getting started, has launched today!
Created by Richard Adams, this course shows you how to incorporate simple, powerful security checks into your everyday testing.
Who is it for? This course is for anyone who wants to add security testing to their everyday work. Whether you're an exploratory tester, automation engineer, or developer, you’ll learn how to spot risks without needing prior security experience.
So, what? Security flaws are among the most damaging issues in software today, but you don’t need to be a specialist to start finding them. This course helps you take a practical, lightweight approach. You’ll learn to spot risks early, test for vulnerabilities hands-on, and build confidence in your ability to add security thinking to your work.
In the course, you’ll:
- Get comfortable with security testing terminology.
- Perform simple but powerful techniques like URL manipulation and bypassing UI validation.
- Learn how to test for XSS, injection, and SQL injection vulnerabilities.
- Practice using tools such as Postman, Chrome DevTools, and ZAP.
- Explore threat modelling step by step, including Data Flow Diagrams and STRIDE.
- Bring all you've learnt together in a final hands-on challenge.
All 11 lessons are packed with activities, including hands-on testing, guided demonstrations, and reflections to help you apply your learning directly to your own work.
What’s more!
- Practical Activities: You’ll test against safe demo sites, including Richard's own site, designed to surface common security vulnerabilities and allow you to practice safely.
- Threat Modelling in Action: Go beyond the basics and learn to run your own threat modelling session with your team.
- Community Reflection: Share your experiences and insights with others in the MoTaverse!
👉 Start the course today and begin building security into your testing.