Certified AppSec Practitioner (CAP) is an entry-level exam that tests candidates' knowledge of the core concepts of application security.

Topics covered:

  • Input Validation Mechanisms
    • Blacklisting
    • Whitelisting
  • Cross-Site Scripting
  • SQL Injection
  • XML External Entity Attack
  • Cross-Site Request Forgery
  • Encoding, Encryption and Hashing
  • Authentication-related Vulnerabilities
    • Brute Force Attacks
    • Password Storage and Password Policy
  • Understanding of OWASP Top 10 Vulnerabilities
  • Security Best Practices and Hardening Mechanisms
    • Same Origin Policy
    • Security Headers
  • TLS Security
    • TLS Certificate Misconfiguration
    • Symmetric and Asymmetric Ciphers
  • Server-Side Request Forgery
  • Authorization and Session Management-related Flaws
    • Insecure Direct Object Reference (IDOR)
    • Privilege Escalation
    • Parameter Manipulation Attacks
    • Securing Cookies
  • Insecure File Uploads
  • Code Injection Vulnerabilities
  • Business Logic Flaws
  • Directory Traversal Vulnerabilities
  • Security Misconfigurations
  • Information Disclosure
  • Vulnerable and Outdated Components
  • Common Supply Chain Attacks and Prevention Methods
