Certified AppSec Pentester (CAPen)
Certified AppSec Pentester (CAPen) is an intermediate-level exam to test a candidate’s knowledge on the core
concepts involving application security. Candidates must be able to demonstrate practical knowledge to
conduct an application pentest to pass this exam.
1 of 5 21/01/23, 1:10 am
Certified AppSec Pentester (CAPen) • https://secops.group/certified-appsec-pentester/
Who should take this exam?
CAPen is intended to be taken by pentesters, application security architects, SOC analysts, red and
blue team members and any AppSec enthusiast, who wants to evaluate and advance their knowledge.
What is the format of the exam?
CAPen is an intense 4 hour long practical exam. It requires attendees to solve a number of challenges,
identify and exploit various vulnerabilities and obtain flags. The exam can be taken online, anytime
(on-demand) and from anywhere. Attendees will need to connect to the exam VPN server to access
the vulnerable applications.
What is the pass criteria for the exam?
The pass criteria are as follows:
• Attendees scoring over 60% marks will be deemed to have successfully passed the exam.
• Attendees scoring over 75% marks will be deemed to have passed with a merit.
What is the experience needed to take the certification?
This is an intermediate-level exam. Attendees should have prior knowledge and experience of
application pentesting. They should have an understanding of common application security related
topics such as the OWASP Top 10, commonly identified security misconfigurations, and best security
practices. They should be able to demonstrate their practical knowledge on AppSec topics by
completing a series of tasks on identifying and exploiting vulnerabilities that have been created in the
exam environment to mimic real-world scenarios.
certificate.
What is the exam retake policy?
Candidates who fail the exam must purchase a new exam voucher to retake the exam.
What are the benefits of this certification?
The certificate will allow attendees to demonstrate their understanding of application security topics.
This will help them to advance in their career.
Certification syllabus
The exam will cover the following topics:
Identification and exploitation of OWASP Top 10 Vulnerabilities
XML External Entity attack
SQL Injection
Cross-Site Request Forgery
Practical Cryptographic Attacks
Authentication related Vulnerabilities
• Brute force Attacks
• Password Storage and Password Policy
TLS Security
• Identification of TLS security Misconfigurations
Server-Side Request Forgery
Authorization and Session Management related flaws
• Insecure Direct Object Reference (IDOR)
• Parameter Manipulation attacks
Insecure File Uploads
Code Injection Vulnerabilities
Business Logic Flaws
Directory Traversal Vulnerabilities
Common Security Misconfigurations
Information Disclosure
Vulnerable and Outdated Components
Common Supply Chain Attacks and Prevention Methods
Common Security Weaknesses affecting Cloud Services such as an S3 Bucket
Security Best Practices and Hardening Mechanisms
• Security Headers
Sample Question
Register an account on the target website. Identify a flaw within the reset password functionality and
login as user admin@dummysite.com. After successful login, you will see a flag being displayed.
Provide the flag below: