Web Application Security Defender (WASD)

Learn to Detect, Test & Mitigate Web Security Attacks

Globally Available | Proctored | 180 mins | 90 MCQ | Passing Grade: 60%

The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation-level skills required for Web Application Security Assessment. This program ensures the candidate's awareness of Application Security challenges, risks, tools, techniques and methodologies, along with hands-on practical knowledge and skill sets.

WASD is based on Application Security industry standards and best practices and ensures knowledge and understanding of Secure Web Application Assessment requirements. It walks through the different phases/domains of Application Security Testing and provides the practical strategies and methodologies required to evaluate security at every level.

Who needs to obtain WASD Certification?

Security Team

  • Security Engineers and Testers
  • Application/Software Penetration Testers
  • Application/Software Security Analyst
  • Security Consultants
  • Auditors, Product Security Office
  • Security Managers

Software Development Team

  • Application/Software Developers
  • Quality Assurance Team
  • Application/Software Architects
  • Software Consultants
  • Research Engineers
  • Team Leads, Technical Managers

Students [Technical Stream] looking to pursue a career in Web Application Security Assessment/Testing

Anyone who wants to evaluate their skills in Web Application Security Assessment/Testing

Evaluate your Skills in Web Application Security Assessment

Phases of Web Application Security Assessment

  • Defining Objectives
  • Information Gathering
  • Conduct Assessment
    • Configuration & Deployment Management
    • Identity Management
    • Authentication and Authorization
    • Session Management
    • Input Validation
    • Error Handling
    • Testing Cryptography
    • Business Logic Testing
    • Client Side Testing
  • Reporting

The WASD program helps you by:

  • Validating your practical expertise and knowledge in Web Application Security Assessment
  • Providing global recognition and credibility
  • Ensuring the real-time skills required to handle Web Application Security risk
  • Demonstrating knowledge of industry standards and best practices
  • Ensuring effective skills to measure and implement security controls

How WASD differs from other similar programs

  • Based on Industry Standards & Best Practices
  • Ensures Practical implementation of required skills
  • Integrates Real time Scenarios and Case Studies
  • Globally delivered via Pearson VUE

Length of Exam: 180 minutes
Number of Questions: 90
Question Format: Multiple Choice
Exam Language: English
Exam Mode: Proctored
Passing Grade: 60% [600 out of 1000 points]
Testing Center: Pearson VUE Authorized Testing Center
Exam Cost: $250
Renew: After every 4 years

Delivery:
WASD exams are delivered through Pearson VUE proctored test centers and must be scheduled at least 24 hours in advance. The WASD Certification attempt will be activated in your Hack2Secure account according to the terms of your purchase. Details on delivery, along with registration confirmation, will be sent by email on confirmation of payment. This exam is delivered online through a standard web browser.

EXAM CURRICULUM

Module#1: Introduction to Web Application Security

The candidate needs to demonstrate an understanding of Web Application Security and testing methodologies, along with an understanding of assessment tools. This includes an understanding of, and best practices for, the HTTP and HTTPS protocols.

  • About World Wide Web (WWW)
  • Web Application Security Testing
    • Introduction, Approach and Scope
  • HTTP Protocol
    • Request and Response Analysis
    • Related Security Concerns
  • HTTPS Protocol
    • About SSL/TLS wrapper over HTTP
    • Testing Methods and Best Practices
  • Web Proxies & Web Vulnerability Scanners

Module#2: Gathering Information

The candidate needs to demonstrate an understanding of web reconnaissance using both active and passive methods, including exploring Google and public sources for information leakage, and scanning and fingerprinting servers for services, configurations and implementation flaws.

  • Open Source Intelligence
  • Google for Security Assessment
  • Spidering Files & Directories
  • Fingerprinting Services & Configurations
  • Exploring Hidden Locations

Module#3: Authentication, Authorization & Accountability

The candidate needs to demonstrate an understanding of Authentication, Authorization and Accountability, and the related security concerns and best practices.

  • Authentication
    • Mechanism, Types & Schemes
  • Username harvesting, Cracking Weak Passwords
  • Authorization
    • Process and related Security Concerns
  • Accountability and potential Information Leakage Points

Module#4: Session Management

The candidate needs to demonstrate an understanding of web sessions, their attributes, security flaws and best practices.

  • How HTTP maintains the State and related Security concerns
  • Security best Practices for Session Management
  • Exploiting Session Information
  • Web Cookie Security Flags and Attributes

Module#5: Injection Attacks

The candidate needs to demonstrate an understanding of Command Injection and Local & Remote File Inclusion vulnerabilities, as well as SQL Injection attacks and testing methods.

  • Command Injection
    • About, Testing Methods
  • Local & Remote File Inclusion Vulnerabilities
  • SQL Injection
    • About, Types & Attack Scope
    • Testing Methods

Module#6: Cross Site Scripting

The candidate needs to demonstrate an understanding of Cross Site Scripting (XSS) attacks and testing methods, as well as AJAX and JSON security concerns.

  • Cross Site Scripting (XSS)
    • About, Types & Attack Scope
    • Testing Methods
  • HTML Injection
  • Security concerns related with AJAX & JSON

Module#7: Web Application Filters & Firewall

The candidate needs to demonstrate an understanding of Web Application Filters & Firewalls, and of the techniques for testing and bypassing them.

  • Web Application Filters
    • About, Types & Attack Methods
  • Web Application Firewall
    • About, Types & Attack Methods

Hack2Secure exams are delivered in a proctored environment via Pearson VUE. The time limit for the WASD exam is 180 minutes. The steps to obtain this certification are described below:

1. Obtain Required Skills

Once you have decided to pursue the WASD Certification, you can begin preparing for it. No specific training is required for this certification. Candidates may use any available source of information covering the certification syllabus/topics.

Hack2Secure's WASD Workshop is another option to get trained by Industry Experts.

2. Register and Schedule the Exam
Once you have acquired the skill sets required for the WASD exam, you can book or schedule the exam. Hack2Secure exams need to be scheduled at least 24 hours in advance of the day you wish to test.

  • Create an account at Pearson VUE by providing the required information
  • Schedule an Exam at your preferred Testing Location
  • Submit Examination Fee

Confirmation of the paid examination fee and the exam appointment will be sent by email.

3. Write & Pass the Exam
Once the exam has been scheduled, the candidate needs to arrive at the testing location half an hour before the scheduled exam time with two forms of Government approved ID proofs. Follow the procedure and appear for the exam.

Pass the WASD exam with a scaled score of 60% or greater. Your result (pass/fail) will be shown on your screen immediately after you've completed your exam, and the detailed score report can be collected from the test administrator. Make sure that you keep a record of your score report along with your exam registration number.

If you have not passed the exam with the required points, review your exam report carefully to find out which areas need improvement. Refer to the Hack2Secure Exam Retake Policy to re-appear for the exam.

4. Get Certified
Once you have completed the exam successfully, you will see the Exam Report immediately on the screen and receive a copy of it. Your certificate copy, however, will be sent to your registered email within 7-10 days after your examination date.

5. Maintain your Certification
Once you have received the Certificate, it will be valid for the next 4 years from the date of issue. After 4 years you will need to renew the Certificate in order to keep it valid.

WASD Certification [Reference Guide]

Available in July 2017