Course Summary
CREST: Certified Tester – Application (CCTAPP) is designed to provide you with expert-level skills in testing the security of applications. This course covers advanced techniques for identifying, exploiting, and mitigating vulnerabilities in various types of applications, including web, mobile, and desktop applications. You will learn to perform thorough security assessments, understand application security principles, and provide recommendations to enhance application security.
What you will learn:
• You will understand advanced concepts and methodologies in application security testing.
• You will learn to identify and exploit vulnerabilities in web, mobile, and desktop applications.
• You will gain skills in using various tools and techniques for thorough application security assessments.
• You will develop expertise in mitigating application vulnerabilities and enhancing security measures.
• You will learn to provide detailed security recommendations to improve the overall security posture of applications.
Module 1: Soft Skills and Assessment Management
• Engagement Lifecycle
• Law & Compliance
• Scoping
• Understanding, Explaining and Managing Risk
• Record Keeping, Interim Reporting & Final Results
Module 2: Core Technical Skills CREST Certified Application Tester
• IP Protocols
• Network Architecture
• Network Routing
• Network Mapping & Target Identification
• Interpreting Tool Output
• Filtering Avoidance Techniques
• Packet Crafting
• OS Fingerprinting
• Application Fingerprinting and Evaluating Unknown Services
• Network Access Control Analysis
• Cryptography
• Applications of Cryptography
• File System Permissions
• Audit Techniques
Module 3: Background Information Gathering & Open Source
• Registration Records
• Domain Name Server (DNS)
• Customer Web Site Analysis
• Google Hacking and Web Enumeration
• NNTP Newsgroups and Mailing Lists
• Information Leakage from Mail & News Headers
Module 4: Networking Equipment
• Management Protocols
• Network Traffic Analysis
• Networking Protocols
• IPSec
• VoIP
• Wireless
• Configuration Analysis
Module 5: Microsoft Windows Security Assessment
• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Passwords
• Windows Vulnerabilities
• Windows Patch Management strategies
• Desktop Lockdown
• Exchange
• Common Windows Applications
Module 6: Unix Security Assessment
• User enumeration
• Unix Vulnerabilities
• FTP
• Sendmail / SMTP
• Network File System (NFS)
• R* services
• X11
• RPC services
• SSH
Module 7: Web Technologies
• Web Server Operation
• Web Servers & their Flaws
• Web Enterprise Architectures
• Web Protocols
• Web Mark-up Languages
• Web Programming Languages
• Web Application Servers
• Web APIs
• Web Sub-Components
Module 8: Web Testing Methodologies
• Web Application Reconnaissance
• Threat Modelling and Attack Vectors
• Information Gathering from Web Mark-up
• Authentication Mechanisms
• Authorisation Mechanisms
• Input Validation
• Application Fuzzing
• Information Disclosure in Error Messages
• Use of Cross Site Scripting Attacks
• Use of Injection Attacks
• Session Handling
• Encryption
• Source Code Review
Module 9: Web Testing Techniques
• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Session ID Attacks
• Fuzzing
• Parameter Manipulation
• Data Confidentiality & Integrity
• Directory Traversal
• File Uploads
• Code Injection
• CRLF Attacks
• Application Logic Flaws
Module 10: Databases
• Microsoft SQL Server
• Oracle RDBMS
• Web / App / Database Connectivity