O que é ?

O Certified AppSec Practitioner (CAP) é um exame de nível básico para testar o conhecimento dos candidatos sobre os principais conceitos de segurança de aplicativos.

Tópicos abordados:

  • Input Validation Mechanisms

    • Blacklisting
    • Whitelisting

  • Cross-Site Scripting

  • SQL Injection

  • XML External Entity Attack

  • Cross-Site Request Forgery

  • Encoding, Encryption and Hashing

  • Authentication related Vulnerabilities

    • Brute force Attacks
    • Password Storage and Password Policy

  • Understanding of OWASP Top 10 Vulnerabilities

  • Security Best Practices and Hardening Mechanisms.

    • Same Origin Policy
    • Security Headers.

  • TLS security

    • TLS Certificate Misconfiguration
    • Symmetric and Asymmetric Ciphers

  • Server-Side Request Forgery

  • Authorization and Session Management related flaws –

    • Insecure Direct Object Reference (IDOR)
    • Privilege Escalation
    • Parameter Manipulation attacks
    • Securing Cookies.

  • Insecure File Uploads

  • Code Injection Vulnerabilities

  • Business Logic Flaws

  • Directory Traversal Vulnerabilities

  • Security Misconfigurations.

  • Information Disclosure.

  • Vulnerable and Outdated Components.

  • Common Supply Chain Attacks and Prevention Methods.

Link para a Certificação