Course Summary

CREST: Certified Tester – Application (CCTAPP) is designed to provide you with expert-level skills in testing the security of applications. This course covers advanced techniques for identifying, exploiting, and mitigating vulnerabilities in various types of applications, including web, mobile, and desktop applications. You will learn to perform thorough security assessments, understand application security principles, and provide recommendations to enhance application security.

What you will learn:

• You will understand advanced concepts and methodologies in application security testing.
• You will learn to identify and exploit vulnerabilities in web, mobile, and desktop applications.
• You will gain skills in using various tools and techniques for thorough application security assessments.
• You will develop expertise in mitigating application vulnerabilities and enhancing security measures.
• You will learn to provide detailed security recommendations to improve the overall security posture of applications.

Module 1: Soft Skills and Assessment Management
• Engagement Lifecycle
• Law & Compliance
• Scoping
• Understanding, Explaining and Managing Risk
• Record Keeping, Interim Reporting & Final Results

Module 2: Core Technical Skills (CREST Certified Application Tester)
• IP Protocols
• Network Architecture
• Network Routing
• Network Mapping & Target Identification
• Interpreting Tool Output
• Filtering Avoidance Techniques
• Packet Crafting
• OS Fingerprinting
• Application fingerprinting and Evaluating Unknown Services
• Network Access Control Analysis
• Cryptography
• Applications of Cryptography
• File System Permissions
• Audit Techniques

Module 3: Background Information Gathering & Open Source
• Registration Records
• Domain Name Server (DNS)
• Customer Web Site Analysis
• Google Hacking and Web Enumeration
• NNTP Newsgroups and Mailing Lists
• Information Leakage from Mail & News Headers

Module 4: Networking Equipment
• Management Protocols
• Network Traffic Analysis
• Networking Protocols
• IPSec
• VoIP
• Wireless
• Configuration Analysis

Module 5: Microsoft Windows Security Assessment
• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Passwords
• Windows Vulnerabilities
• Windows Patch Management strategies
• Desktop Lockdown
• Exchange
• Common Windows Applications

Module 6: Unix Security Assessment
• User enumeration
• Unix Vulnerabilities
• FTP
• Sendmail / SMTP
• Network File System (NFS)
• R* services
• X11
• RPC services
• SSH

Module 7: Web Technologies
• Web Server Operation
• Web Servers & their Flaws
• Web Enterprise Architectures
• Web Protocols
• Web Mark-up Languages
• Web Programming Languages
• Web Application Servers
• Web APIs
• Web Sub-Components

Module 8: Web Testing Methodologies
• Web Application Reconnaissance
• Threat Modelling and Attack Vectors
• Information Gathering from Web Mark-up
• Authentication Mechanisms
• Authorisation Mechanisms
• Input Validation
• Application Fuzzing
• Information Disclosure in Error Messages
• Use of Cross Site Scripting Attacks
• Use of Injection Attacks
• Session Handling
• Encryption
• Source Code Review

Module 9: Web Testing Techniques
• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Session ID Attacks
• Fuzzing
• Parameter Manipulation
• Data Confidentiality & Integrity
• Directory Traversal
• File Uploads
• Code Injection
• CRLF Attacks
• Application Logic Flaws

Module 10: Databases
• Microsoft SQL Server
• Oracle RDBMS
• Web / App / Database Connectivity

There are no prerequisites to this course.

Exam format: The new CCT APP exam has two distinct parts:
• A written exam made up of two components: a multiple-choice test and a written scenario
• A practical exam

Exam duration

Written exam: the written exam lasts 3 hours in total, split as follows:
• Multiple-choice test (1 hour)
• Written scenario (2 hours)

Written exam (180 marks)
• Multiple-choice test (60 marks)
• Written scenario (120 marks)

Candidates must achieve at least two thirds or 66% in each component (multiple-choice test and written scenario) to achieve a pass.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
