Security Testing
// understand how to test for vulnerabilities, broken access control, xss, sql injection and more.
What is Security Testing?
// the goals, scope, and types of security testing every qa engineer should know.
OWASP Top 10 Overview
// the ten most critical web application security risks — explained for testers.
SQL Injection
// how sql injection works, how to test for it, and why it is still the top attack vector.
Cross-Site Scripting (XSS)
// stored, reflected, and dom-based xss — how to detect and test for each.
Broken Access Control
// the #1 owasp risk — testing that users can access only what they are authorized to access.
Authentication Testing
// testing login flows for weak passwords, brute force, session fixation, and more.
API Security Testing
// owasp api top 10 — the most critical vulnerabilities in rest apis.
Sensitive Data Exposure
// testing for pii leakage, insecure storage, and unencrypted data transmission.
Security Testing with OWASP ZAP
// using zap to scan web applications for vulnerabilities — beginner guide.
Security Testing Checklist
// a practical checklist to verify security across authentication, api, and data layers.