Certified AppSec Pentester (CAPen) • https://secops.


Certified AppSec Pentester (CAPen)
Certified AppSec Pentester (CAPen) is an intermediate-level exam that tests a candidate's knowledge of the core
concepts of application security. Candidates must demonstrate the practical knowledge needed to
conduct an application pentest in order to pass this exam.


1 of 5 21/01/23, 1:10 am

Who should take this exam?
CAPen is intended for pentesters, application security architects, SOC analysts, red and
blue team members and any AppSec enthusiast who wants to evaluate and advance their knowledge.

What is the format of the exam?
CAPen is an intense 4-hour practical exam. It requires attendees to solve a number of challenges,
identify and exploit various vulnerabilities and obtain flags. The exam can be taken online, on demand,
at any time and from anywhere. Attendees will need to connect to the exam VPN server to access
the vulnerable applications.

What are the pass criteria for the exam?
The pass criteria are as follows:

• Attendees scoring over 60% marks will be deemed to have successfully passed the exam.
• Attendees scoring over 75% marks will be deemed to have passed with a merit.

What experience is needed to take the certification?
This is an intermediate-level exam. Attendees should have prior knowledge and experience of
application pentesting. They should understand common application security topics such as the
OWASP Top 10, commonly identified security misconfigurations, and security best practices. They
should be able to demonstrate their practical knowledge of AppSec topics by completing a series of
tasks that involve identifying and exploiting vulnerabilities created in the exam environment to mimic
real-world scenarios.

Note: As this is an intermediate-level certification, a minimum of two years of professional
pentesting/bug-bounty experience is recommended.

What will the attendees get?

On completing the exam, each attendee will receive:

• A certificate with their pass/fail and merit status.
• The certificate will contain a code/QR link, which can be used by anyone to validate the



What is the exam retake policy?
Candidates who fail the exam must purchase a new exam voucher to retake it.

What are the benefits of this certification?
The certificate will allow attendees to demonstrate their understanding of application security topics.
This will help them to advance in their career.

Certification syllabus
The exam will cover the following topics:

• Google Hacking, Dorking and OSINT techniques
  • Blacklisting
  • Whitelisting
• Identification and exploitation of OWASP Top 10 Vulnerabilities
• XML External Entity attack
• SQL Injection
• Cross-Site Request Forgery
• Practical Cryptographic Attacks
• Authentication related Vulnerabilities
  • Brute force Attacks
  • Password Storage and Password Policy
• TLS Security
  • Identification of TLS security Misconfigurations
• Server-Side Request Forgery
• Authorization and Session Management related flaws
  • Insecure Direct Object Reference (IDOR)
  • Parameter Manipulation attacks
• Insecure File Uploads
• Code Injection Vulnerabilities
• Business Logic Flaws
• Directory Traversal Vulnerabilities
• Common Security Misconfigurations
• Information Disclosure
• Vulnerable and Outdated Components
• Common Supply Chain Attacks and Prevention Methods
• Common Security Weaknesses affecting Cloud Services such as an S3 Bucket
• Security Best Practices and Hardening Mechanisms
  • Security Headers

Sample Question

Register an account on the target website. Identify a flaw within the reset password functionality and
log in as the user. After a successful login, you will see a flag displayed.
Provide the flag below:

Copyright © 2023 The SecOps Group. All Rights Reserved.
