Target Audience

• Web Application Penetration Testers
• Web Developers
• Security Analysts
• Security Engineers

The Exam

Candidates will perform attacks against multiple real-world web-applications hosted on our infrastructure. Upon starting the examination process, a letter of engagement will be provided, clearly stating all engagement details, requirements, objectives, and scope. A stable internet connection is required.

Exam Format

The exam is conducted in an on-demand instance environment where candidates have access to vulnerable web applications. They are required to identify vulnerabilities, exploit them, and prove a successful exploitation by submitting the flag. The exam emphasizes real-world scenarios to test practical skills. No VPN or remote Desktop Software is required, the vulnerable website are directly accessible by a modern browser.

Topics Covered

• Injection Attacks (SQL, Command, LDAP)
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Authentication and Session Management Vulnerabilities
• Security Misconfigurations
• Insecure Direct Object References (IDOR)
• Web Application Firewall (WAF) Evasion Techniques
• And many more....

Learning Outcomes

• Identify and exploit common web application vulnerabilities.
• Understand the underlying mechanisms of web attacks.
• Develop strategies to prevent and mitigate web vulnerabilities.

Prerequisites

• Web Application Enumeration
• Web Exploitation Basics
• Advanced Web Exploitation Techniques

* Theses requirements are optional. It is not required to buy these courses but it improves the chances of passing the certification exam when the courses have been completed.