prasadpanchbhai/CertifiedAppsecPractitioner

Since the SecOps Group has offered free certification to Certified Appsec Practitioner I will be creating notes here. I will be working on the Certified Appsec Practitioner.

Certified Appsec Practitioner (CAP)

Since the SecOps Group came up with a voucher that offered free certification to Certified Appsec Practitioner I will be creating notes here. I will be working on the Certified Appsec Practitioner.

The Course Contents for Certified Appsec Practitioner are as follows:

1. Input Validation Mechanisms

• Blacklisting
• Whitelisting

2. Cross-Site Scripting

3. SQL Injection

4. XML External Entity attack

5. Cross-Site Request Forgery

6. Encoding, Encryption, and Hashing

7. Authentication related Vulnerabilities

• Brute force Attacks
• Password Storage and Password Policy

8. Understanding of OWASP Top 10 Vulnerabilities

9. Security Best Practices and Hardening Mechanisms.

• Same Origin Policy
• Security Headers.

10. TLS security

• TLS Certificate Misconfiguration
• Symmetric and Asymmetric Ciphers

11. Server-Side Request Forgery
12. Authorization and Session Management related flaws –

• Insecure Direct Object Reference (IDOR)
• Privilege Escalation
• Parameter Manipulation attacks
• Securing Cookies.

13. Insecure File Uploads
14. Code Injection Vulnerabilities
15. Business Logic Flaws
16. Directory Traversal Vulnerabilities
17. Security Misconfigurations.
18. Information Disclosure.
19. Vulnerable and Outdated Components.
20. Common Supply Chain Attacks and Prevention Methods.

We will be following each of the above topics and studying them in detail.