Organizational Systems Web Application Pentester™
Web Application Pentesting Training

Description:

The Organizational Systems Web Application Pentester™ (OSWAP™) is an international web application security auditing certification course that teaches IT professionals how to expertly conduct comprehensive and state-of-the-art web application security auditing/pentesting.


Penetration testers and IT-security professionals who are already well-versed in network-layer penetration testing will find that web application pentesting is a completely different beast requiring different approaches and skills.


With many organizations using Web2.0 and other web-related technologies to enable and facilitiate user-access to their systems and applications, attending the OSWAP™ will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.


In line with ThinkSECURE's tradition of developing and providing cutting-edge real-world technical courses such as the OSSA™ and OSWA™ , the OSWAP™ is designed from the ground up to teach all aspects of practical web application security testing from the starting point of understanding the fundamentals of how Web Application Platforms such as Java, ASP.net, PHP/Perl, CGI, etc, work, through to understanding and exploiting the HTTP protocol specification, before going deep into web-app and proxy fingerprinting, XSS, SQL-injection, fuzzing, authentication/session-management exploitation, web-browser attacks (XSRF, Javascript, DNS-pinning), etc.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of IT-security from a timeless perspective.


The OSWAP™ is designed specially for 3 broad groups of people:

• Security auditors and penetration-testers who need to conduct technical hands-on audits against internal and client web applications and platforms;

• Application developers and maintainers who need to test the security of their applications pre- and post-deployment; and

• Those interested in learning more about how to do practical technical web-appllication penetration-testing.

This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral and specialized approach to practical security testing of web applications. By equipping attendees with the proper knowledge and technical skillsets, the OSWAP™ arms professional penetration testers and application developers with the proper skills, techniques and tools to conduct consistent and comprehensive web application tests.


While the programme syllabus should be used to determine if this programme is appropriate for the attendee based on their current skills and requirements, all attendees will come away with the following:

• A solid understanding about the HTTP protocol specification, cookies and application platforms
  

• The ability to profile and identify web-based defences and devices
  

• The knowledge of what preparations have to be made prior to conducting a web security penetration test
  

• Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques
  

• Ability to know and effectively use the correct tool for the type of web application vulnerability encountered
  

• Extensive skills in engaging web application users and their browsers with advanced attacks
  

• The ability to recommend countermeasures based on web security audit results
  

With its wide variety of practical classroom labwork, the OSWAP™ web application security auditing and penetration-testing training programme is ideal for professional security testers, application security developers, internal audit teams and others who want to know how to conduct first-class multi-vector penetration testing against web application platforms.








Who Can Benefit From This Programme:

IT Professionals who will benefit from this programme include the following:

• Security Analysts / Consultants
  

• Penetration Testers
  

• Security Audit Teams
  

• Network & System Administrators
  

• Network & System Engineers
  

• Application Designers
  

• Application Specialists
  

• IT Engineers
  

and anyone who is looking to learn more in-depth web application security auditing techniques and skills.