Description:
The Organizational Systems Web Application Pentester® (OSWAP) is an internationally-offered web application security auditing certification course that teaches IT professionals how to expertly conduct comprehensive and state-of-the-art web application security auditing/pentesting.
Penetration testers and IT-security professionals who are already well-versed in network-layer penetration testing will find that web application pentesting is a completely different beast requiring different approaches and skills.
With many organizations using Web2.0 and other web-related technologies to enable and facilitate user-access to their systems and applications, attending the OSWAP will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.
In line with ThinkSECURE's tradition of developing and providing cutting-edge real-world technical courses such as the OSSA and OSWA, the OSWAP is designed from the ground up to teach all aspects of practical web application security testing from the starting point of understanding the fundamentals of how Web Application Platforms such as Java, ASP.net, PHP/Perl, CGI, etc, work, through to understanding and exploiting the HTTP protocol specification, before going deep into web-app and proxy fingerprinting, XSS, SQL-injection, fuzzing, authentication/session-management exploitation, web-browser attacks (XSRF, JavaScript, DNS-pinning), etc.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of IT-security from a timeless perspective.
The OSWAP is designed specially for 3 broad groups of people:
Security auditors and penetration-testers who need to conduct technical hands-on audits against internal and client web applications and platforms;
Application developers and maintainers who need to test the security of their applications pre- and post-deployment; and
Those interested in learning more about how to do practical technical web-application penetration-testing.
This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral and specialized approach to practical security testing of web applications. By equipping attendees with the proper knowledge and technical skillsets, the OSWAP arms professional penetration testers and application developers with the proper skills, techniques and tools to conduct consistent and comprehensive web application tests.
While the programme syllabus should be used to determine if this programme is appropriate for the attendee based on their current skills and requirements, all attendees will come away with the following:
A solid understanding of the HTTP protocol specification, cookies and application platforms
The ability to profile and identify web-based defences and devices
The knowledge of what preparations have to be made prior to conducting a web security penetration test
Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques
Ability to know and effectively use the correct tool for the type of web application vulnerability encountered
Extensive skills in engaging web application users and their browsers with advanced attacks
The ability to recommend countermeasures based on web security audit results
With its wide variety of practical classroom labwork, the OSWAP web application security auditing and penetration-testing training programme is ideal for professional security testers, application security developers, internal audit teams and others who want to know how to conduct first-class multi-vector penetration testing against web application platforms.
Who Can Benefit From This Programme:
IT Professionals who will benefit from this programme include the following:
Penetration-Testers and/or Technical Auditors
Application Designers
Application Specialists
IT-Security Consultants
IT System Engineers
IT System Administrators
IT-Security Practitioners / Technical Professionals
and anyone who is looking to learn more in-depth practical web application security auditing techniques and skills.