COURSE OVERVIEW
Website: www.wisphil.com
ACCREDITATIONS
UPON COMPLETION
Upon completion, Certified Secure Web Application Engineer students will be able to establish industry acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the C)SWAE exam.
EXAM INFORMATION
The Certified Secure Web Application Engineer exam is taken online through Mile2's Assessment and Certification System ("MACS"), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from Mile2.com.
DETAILED OUTLINE
- Application Mapping
- Web Spiders
- Web Vulnerability Assessment
- Discovering other content
- Application Analysis
- Application Security Toolbox
- Setting up a Testing Environment
Module 7: Application Logic Attacks
- Application Logic Attacks
- Information Disclosure Exploits
- Data Transmission Attacks

Module 8: Data Validation
- Input and Output Validation
- Trust Boundaries
- Common Data Validation Attacks
- Data Validation Design
- Validating Non-Textual Data
- Validation Strategies & Tactics
- Errors & Exception Handling
- Structured Exception Handling
- Designing for Failure
- Designing Error Messages
- Failing Securely

Module 9: AJAX Attacks
- Web Hacking Methodology
- AJAX Attacks
- Web Services Attacks
- Application Server Attacks

Module 10: Code Review and Security Testing
- Insecure Code Discovery and Mitigation
- Testing Methodology
- Client Side Testing
- Session Management Testing
- Developing Security Testing Scripts
- Pen Testing a Web Application

Module 11: Web Application Penetration Testing
- Insecure Code Discovery and Mitigation
- Benefits of a Penetration Test
- Current Problems in WAPT
- Learning Attack Methods
- Methods of Obtaining Information
- Passive vs. Active Reconnaissance
- Footprinting Defined
- Introduction to Port Scanning
- OS Fingerprinting
- Web Application Penetration Methodologies
- The Anatomy of a Web Application Attack
- Fuzzers

Module 12: Secure SDLC
- Secure Software Development Lifecycle (SDLC) Methodology

Module 13: Cryptography
- Overview of Cryptography
- Key Management
- Cryptography Application
- True Random Generators (TRNG)
- Symmetric/Asymmetric Cryptography
- Digital Signatures and Certificates
- Hashing Algorithms
- XML Encryption and Digital Signatures
- Authorization Attacks