Organizational Systems Web Application Pentester®
Web Application Pentesting Certification


The Organizational Systems Web Application Pentester® (OSWAP™) is an internationally-offered web application security auditing certification course that teaches IT professionals how to expertly conduct comprehensive and state-of-the-art web application security auditing/pentesting.

Penetration testers and IT-security professionals who are already well-versed in network-layer penetration testing will find that web application pentesting is a completely different beast requiring different approaches and skills.

With many organizations using Web 2.0 and other web-related technologies to enable and facilitate user access to their systems and applications, attending the OSWAP™ will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.

In line with ThinkSECURE's tradition of developing and providing cutting-edge real-world technical courses such as the OSSA™ and OSWA™, the OSWAP™ is designed from the ground up to teach all aspects of practical web application security testing. It starts from the fundamentals of how Web Application Platforms such as Java, ASP.NET, PHP/Perl, CGI, etc., work, moves on to understanding and exploiting the HTTP protocol specification, and then goes deep into web-app and proxy fingerprinting, XSS, SQL injection, fuzzing, authentication/session-management exploitation, web-browser attacks (XSRF, JavaScript, DNS-pinning), etc.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of IT-security from a timeless perspective.

The OSWAP™ is designed specially for 3 broad groups of people:

  • Security auditors and penetration-testers who need to conduct technical hands-on audits against internal and client web applications and platforms;

  • Application developers and maintainers who need to test the security of their applications pre- and post-deployment; and

  • Those interested in learning more about how to do practical technical web-application penetration-testing.

This instructor-led, intensely practical, hands-on programme teaches a vendor-neutral and specialized approach to practical security testing of web applications. By equipping attendees with the proper knowledge and technical skillsets, the OSWAP™ arms professional penetration testers and application developers with the proper skills, techniques and tools to conduct consistent and comprehensive web application tests.

While the programme syllabus should be used to determine if this programme is appropriate for the attendee based on their current skills and requirements, all attendees will come away with the following:

  • A solid understanding of the HTTP protocol specification, cookies and application platforms

  • The ability to profile and identify web-based defences and devices

  • The knowledge of what preparations have to be made prior to conducting a web security penetration test

  • Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques

  • Ability to know and effectively use the correct tool for the type of web application vulnerability encountered

  • Extensive skills in engaging web application users and their browsers with advanced attacks

  • The ability to recommend countermeasures based on web security audit results

With its wide variety of practical classroom labwork, the OSWAP™ web application security auditing and penetration-testing training programme is ideal for professional security testers, application security developers, internal audit teams and others who want to know how to conduct first-class multi-vector penetration testing against web application platforms.

Who Can Benefit From This Programme:

IT Professionals who will benefit from this programme include the following:

  • Penetration-Testers and/or Technical Auditors

  • Application Designers

  • Application Specialists

  • IT-Security Consultants

  • IT System Engineers

  • IT System Administrators

  • IT-Security Practitioners / Technical Professionals

and anyone who is looking to learn more in-depth practical web application security auditing techniques and skills.

Internationally Accredited By ThinkSECURE Pte Ltd

Copyright © 2004-2020 THINKSECURE® PTE LTD ("ThinkSECURE"). All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE Pte Ltd is strictly prohibited. Use of this site is subject to our Terms & Conditions. The "THINKSECURE" brand name is a registered trademark of THINKSECURE PTE LTD in Singapore and a trademark of THINKSECURE PTE LTD in certain other countries. The ThinkSECURE device is a trademark of THINKSECURE PTE LTD in Singapore and certain other countries.
