The Organizational Systems Web Application Pentester® (OSWAP) is an internationally-offered web application security auditing certification course that teaches IT professionals how to expertly conduct comprehensive and state-of-the-art web application security auditing/pentesting.
Penetration testers and IT-security professionals who are already well-versed in network-layer penetration testing will find that web application pentesting is a completely different beast requiring different approaches and skills.
With many organizations using Web2.0 and other web-related technologies to enable and facilitiate user-access to their systems and applications, attending the OSWAP will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of IT-security from a timeless perspective.
The OSWAP is designed specially for 3 broad groups of people:
Security auditors and penetration-testers who need to conduct technical hands-on audits against internal and client web applications and platforms;
Application developers and maintainers who need to test the security of their applications pre- and post-deployment; and
Those interested in learning more about how to do practical technical web-application penetration-testing.
This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral and specialized approach to practical security testing of web applications. By equipping attendees with the proper knowledge and technical skillsets, the OSWAP arms professional penetration testers and application developers with the proper skills, techniques and tools to conduct consistent and comprehensive web application tests.
While the programme syllabus should be used to determine if this programme is appropriate for the attendee based on their current skills and requirements, all attendees will come away with the following:
A solid understanding about the HTTP protocol specification, cookies and application platforms
The ability to profile and identify web-based defences and devices
The knowledge of what preparations have to be made prior to conducting a web security penetration test
Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques
Ability to know and effectively use the correct tool for the type of web application vulnerability encountered
Extensive skills in engaging web application users and their browsers with advanced attacks
The ability to recommend countermeasures based on web security audit results
With its wide variety of practical classroom labwork, the OSWAP web application security auditing and penetration-testing training programme is ideal for professional security testers, application security developers, internal audit teams and others who want to know how to conduct first-class multi-vector penetration testing against web application platforms.
Who Can Benefit From This Programme:
IT Professionals who will benefit from this programme include the following:
Penetration-Testers and/or Technical Auditors
IT System Engineers
IT System Administrators
IT-Security Practitioners / Technical Professionals
and anyone who is looking to learn more in-depth practical web application security auditing techniques and skills.