Enterprise Security
Certification :


OSSA




Web Application
Auditing & Pentesting
Certification :


OSWAP




Wireless Security
Auditing & Pentesting
Certification :


OSWA




Wireless Investigation
For Law Enforcement
Certification :


OSWILEP




Secure Wireless
Deployment & Monitoring
Certification :


OSWiSP





Preparatory Training
Courses :


RWSP





Training Class & Certification Exam Schedule

Training Class & Certification Exam-related FAQ

Authorized Training Partners & Training Schedules

Certified Practitioners List

Examination Review Board

OSWAP(tm)
Organizational Systems Web Application Pentester®
Web Application Pentesting Certification









WHAT IS IT?

Since 2009, the Organizational Systems Web Application Pentester® (OSWAP™) is an internationally-offered web application security auditing certification course that has helped teach cybersecurity practitioners how to expertly conduct comprehensive and state-of-the-art web application security-testing.


You can take the Organizational Systems Web Application Pentester® certification exam alone, or attend the Organizational Systems Web Application Pentester® training course that prepares you to take the Organizational Systems Web Application Pentester® certification examination.

The Organizational Systems Web Application Pentester® training course component is intended for those who either want to go very in-depth into testing web-applications or who want to better prepare before taking the Organizational Systems Web Application Pentester® certification exam.






CERTIFICATION / COURSE CATEGORY

Web-application security-testing certification exam;
Web-application security-testing certification preparation training course.

(Note : the practical certification exam can be taken separately without attending any corresponding training class)






WHO IS IT MEANT FOR?

  • Security-testers in general;

  • Those who are interested in developing practical web application security-testing techniques and skills;

  • Application developers and maintainers who want to know how to self-test the security of their web-applications pre- and post-deployment;

  • Those who have attained Organizational Systems Security Analyst™ certification and want to specialize in web-application security-testing.







HOW LONG IS THE COURSE AND/OR EXAM?

5-day hybrid-learning class;
Separate 3-hour-long proctored practical certification exam (each class seat comes with 1 bundled attempt at the certification exam on the day following each class run).






COURSE COMPONENT DETAILS

Penetration testers and cybersecurity practitioners who are already well-versed in network-layer penetration-testing will find that web application security-testing is a completely different beast requiring different approaches and skills.


With many organizations using Web2.0 and other web-related technologies to enable and facilitiate remote user-access to their systems and applications, attending the Organizational Systems Web Application Pentester® certification training course will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.


The Organizational Systems Web Application Pentester® training course is designed from the ground up to teach all aspects of practical web application security-testing from the starting point of understanding the fundamentals of how Web Application Platforms such as Java, ASP.net, PHP/Perl, CGI, etc, present themselves, through to understanding and exploiting the HTTP protocol specification, before going deep into web-app and proxy fingerprinting, XSS, SQL-injection, fuzzing, authentication/session-management exploitation, web-browser attacks (XSRF, Javascript, DNS-pinning), etc.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of web application testing from a timeless perspective.


By teaching attendees the proper practical knowledge and technical skillsets, the Organizational Systems Web Application Pentester® is intended to arm professional penetration-testers and application-developers with the necessary skills, techniques and tools to conduct consistent and comprehensive web application testing.


Attendees who meet the technical pre-requisites for attending the course should be able to come away with the following outcomes :

  • A solid understanding about the HTTP protocol specification, cookies and application platforms

  • The ability to profile and identify web-based defences and devices

  • The knowledge of what preparations have to be made prior to conducting a web-application security-test

  • Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques

  • Ability to know and effectively use the correct tool for the type of web application vulnerability encountered

  • Extensive skills in engaging web application users and their browsers with advanced attacks

  • The ability to recommend countermeasures based on webapp security-audit results



Since its launch in 2009, the Organizational Systems Web Application Pentester® practical hands-on certification examination format ensures that anyone who can attain the Organizational Systems Web Application Pentester® certification has proven that they have true practical skill and ability to apply knowledge to web-application security-testing engagements.











Internationally Accredited By ThinkSECURE Pte Ltd











Copyright © 2005-2022 THINKSECURE® PTE LTD ("ThinkSECURE"). All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE Pte Ltd is strictly prohibited. Use of this site is subject to our Terms & Conditions. The "THINKSECURE" brand name is a registered trademark of THINKSECURE PTE LTD in Singapore and a trademark of THINKSECURE PTE LTD in certain other countries. The ThinkSECURE device is a trademark of THINKSECURE PTE LTD in Singapore and certain other countries.

This Website Is Designed To Be Viewed At 1024x768 Resolution and 24-bit color using Arial, Stencil Std & Lucida Console fonts.