WHAT IS IT?
Offered internationally since 2009, the Organizational Systems Web Application Pentester® (OSWAP) is a web application security auditing certification course that has helped teach cybersecurity practitioners how to expertly conduct comprehensive and state-of-the-art web application security-testing.
You can take the Organizational Systems Web Application Pentester® certification exam alone, or attend the Organizational Systems Web Application Pentester® training course that prepares you to take the Organizational Systems Web Application Pentester® certification examination.
The Organizational Systems Web Application Pentester® training course component is intended for those who either want to go very in-depth into testing web-applications or who want to better prepare before taking the Organizational Systems Web Application Pentester® certification exam.
CERTIFICATION / COURSE CATEGORY
Web-application security-testing certification exam;
Web-application security-testing certification preparation training course.
(Note: the practical certification exam can be taken separately without attending any corresponding training class.)
WHO IS IT MEANT FOR?
Security-testers in general;
Those who are interested in developing practical web application security-testing techniques and skills;
Application developers and maintainers who want to know how to self-test the security of their web-applications pre- and post-deployment;
Those who have attained Organizational Systems Security Analyst certification and want to specialize in web-application security-testing.
HOW LONG IS THE COURSE AND/OR EXAM?
5-day hybrid-learning class;
Separate 3-hour-long proctored practical certification exam (each class seat comes with 1 bundled attempt at the certification exam on the day following each class run).
COURSE COMPONENT DETAILS
Penetration testers and cybersecurity practitioners who are already well-versed in network-layer penetration-testing will find that web application security-testing is a completely different beast requiring different approaches and skills.
With many organizations using Web 2.0 and other web-related technologies to enable and facilitate remote user-access to their systems and applications, attending the Organizational Systems Web Application Pentester® certification training course will give you a solid grounding in performing in-depth technical audits and exploits to test how well a web application is protected.
The Organizational Systems Web Application Pentester® training course is designed from the ground up to teach all aspects of practical web application security-testing. It starts with the fundamentals of how Web Application Platforms such as Java, ASP.NET, PHP/Perl, CGI, etc., present themselves, moves on to understanding and exploiting the HTTP protocol specification, and then goes deep into web-app and proxy fingerprinting, XSS, SQL-injection, fuzzing, authentication/session-management exploitation, web-browser attacks (XSRF, JavaScript, DNS-pinning), etc.
In addition, guiding the technical teachings are applied principles from Sun Tzu's "Art of War" for every section of the course, introducing the practicalities of web application testing from a timeless perspective.
By teaching attendees the proper practical knowledge and technical skillsets, the Organizational Systems Web Application Pentester® is intended to arm professional penetration-testers and application-developers with the necessary skills, techniques and tools to conduct consistent and comprehensive web application testing.
Attendees who meet the technical prerequisites for attending the course should be able to come away with the following outcomes:
A solid understanding of the HTTP protocol specification, cookies and application platforms
The ability to profile and identify web-based defences and devices
The knowledge of what preparations have to be made prior to conducting a web-application security-test
Comprehensive technical understanding of how to exploit web applications using a wide variety of techniques
Ability to know and effectively use the correct tool for the type of web application vulnerability encountered
Extensive skills in engaging web application users and their browsers with advanced attacks
The ability to recommend countermeasures based on webapp security-audit results
Since its launch in 2009, the Organizational Systems Web Application Pentester® practical hands-on certification examination format has ensured that anyone who attains the Organizational Systems Web Application Pentester® certification has proven that they have true practical skill and the ability to apply knowledge to web-application security-testing engagements.