GIAC Web Application Penetration Tester (GWAPT)
What is GWAPT?
The GIAC Web Application Penetration Tester (GWAPT) certification validates a practitioner’s ability to better secure organizations through penetration testing and a thorough understanding of web application security issues. GWAPT certification holders have demonstrated knowledge of web application exploits and penetration testing methodology.
Who should Attend?
This course is designed for:
- Security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers and architects
Why is Web App Penetration Testing essential for you?
- Learn the fundamentals of web application security and penetration testing.
- Discover and exploit vulnerabilities in modern web frameworks, technologies, and backends.
- Perform information gathering and reconnaissance against a client's web applications as the first step of an engagement.
- Use automated web hacking tools, and understand their limits.
- Learn how to plan and conduct web intrusion tests.
Topics covered by Web App Penetration Testing
- Web application overview, authentication attacks, and configuration testing
- Web application session management, SQL injection attacks, and testing tools
- Cross-site request forgery, cross-site scripting, client injection attacks, reconnaissance and mapping
Prerequisites
- Basic Linux command-line experience
- Familiarity with Kali Linux
Learning objectives
The course covers the content outlined below:
- Cross-Site Request Forgery, Cross-Site Scripting and Client Injection Attacks: demonstrate an understanding of CSRF, XSS and client-side injection attacks, and of the tools and techniques used to discover and exploit these vulnerabilities.
- Reconnaissance and Mapping: demonstrate an understanding of the techniques used to discover, explore and investigate a web site and its application features, such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis.
- Web Application Authentication Attacks: demonstrate familiarity with the mechanisms used to authenticate users to web applications, how to enumerate valid users, and how to bypass and exploit weak authentication.
- Web Application Configuration Testing: demonstrate familiarity with the tools and techniques used to audit a web site's configuration and identify flaws in its design or implementation.
- Web Application Overview: demonstrate an understanding of the technologies, programming languages and structures involved in building and deploying a web site, such as HTTP, HTTPS and AJAX, in the context of their basic operation, security properties and common vulnerabilities.
- Web Application Session Management: demonstrate an understanding of how a web application manages client sessions, tracks user activity and uses SSL/TLS in modern web communications, and of the attacks that can be leveraged against flaws in session state handling.
- Web Application SQL Injection Attacks: demonstrate familiarity with the techniques used to identify SQL injection vulnerabilities in applications and to audit and test web application security using SQL injection attacks.
- Web Application Testing Tools: demonstrate an understanding of the tools and techniques required to test modern web applications built with JavaScript and AJAX, including the use of intercepting proxies, fuzzing, scripting, and attacks on application logic.
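The authentication-bypass and SQL injection objectives above are easiest to grasp on a concrete query. The following is an added example, not course material from GIAC or SANS: a login check that splices user input into SQL, beside the parameterised form, run against an in-memory SQLite table filled with constructed sample users. It also includes the kind of boolean-based probe a tester sends to decide whether a parameter is injectable at all, which the objectives mention but do not spell out. Table and column names, the sample accounts and the helper names are assumptions made for the demo.

```python
"""Added example (not part of the GWAPT course material): injectable login
check vs. parameterised login check, plus a boolean-based injection probe.
Runs offline against an in-memory SQLite database with constructed data."""
import sqlite3

# Constructed sample accounts for the demo only.
SAMPLE_USERS = [("alice", "s3cret!"), ("bob", "hunter2")]


def make_db():
    """Build the demo database; schema and data are assumptions for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately injectable: input becomes part of the SQL text, so quote
    characters in it change the query's structure."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised: input is bound as data by the driver and can never be
    parsed as SQL, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def probe_boolean_injection(conn, login_fn, known_user="alice"):
    """Boolean-based probe: two payloads that differ only in the truth of an
    appended SQL condition (the trailing -- comments out the password clause
    in SQLite). If the outcomes differ, the condition reached the SQL engine,
    i.e. the parameter is being interpreted as query text."""
    true_case = login_fn(conn, known_user + "' AND '1'='1'--", "wrong")
    false_case = login_fn(conn, known_user + "' AND '1'='2'--", "wrong")
    return true_case != false_case


def demo():
    """Return the observable outcomes so they can be checked, not just printed."""
    conn = make_db()
    tautology = "' OR '1'='1"  # password field payload: AND binds tighter than OR
    return {
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),  # bypass
        "safe_tautology": login_safe(conn, "alice", tautology),        # rejected
        "vuln_comment": login_vulnerable(conn, "alice'--", "wrong"),   # bypass
        "safe_legit": login_safe(conn, "alice", "s3cret!"),            # normal login
        "vuln_probe": probe_boolean_injection(conn, login_vulnerable), # True
        "safe_probe": probe_boolean_injection(conn, login_safe),       # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The probe is the practitioner's point: rather than hoping a tautology pops a login, send a pair of payloads whose only difference is a true versus false SQL condition and compare the application's behaviour. A difference proves the input is parsed as SQL; identical behaviour (as with the parameterised version) means the parameter is not injectable through that path.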
Exam format
- 75 questions
- Time limit of 2 hours
- Minimum Passing Score of 71%
General Information
- Training is available in a variety of modalities, including live conference training, online, and self-study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification.
- College-level courses or study through another program may also meet the requirements for mastery.
- The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.