Certified Appsec Practitioner (CAP) Study Notes
Since the SecOps Group came up with a voucher that offered free certification to Certified Appsec Practitioner I will be creating notes here. I will be working on the Certified Appsec Practitioner.
The Course Contents for Certified Appsec Practitioner are as follows:
- Input Validation Mechanisms
- Blacklisting
- Whitelisting
2. Cross-Site Scripting
3. SQL Injection
4. XML External Entity attack
5. Cross-Site Request Forgery
6. Encoding, Encryption, and Hashing
7. Authentication related Vulnerabilities
- Brute force Attacks
- Password Storage and Password Policy
8. Understanding of OWASP Top 10 Vulnerabilities
9. Security Best Practices and Hardening Mechanisms.
- Same Origin Policy
- Security Headers.
10. Understanding of OWASP Top 10 Vulnerabilities
11. Security Best Practices and Hardening Mechanisms.
- Same Origin Policy
- Security Headers.
12. TLS security
- TLS Certificate Misconfiguration
- Symmetric and Asymmetric Ciphers
13. Server-Side Request Forgery
14. Authorization and Session Management related flaws –
- Insecure Direct Object Reference (IDOR)
- Privilege Escalation
- Parameter Manipulation attacks
- Securing Cookies.
15. Insecure File Uploads
16. Code Injection Vulnerabilities
17. Business Logic Flaws
18. Directory Traversal Vulnerabilities
19. Security Misconfigurations.
20. Information Disclosure.
21. Vulnerable and Outdated Components.
22. Common Supply Chain Attacks and Prevention Methods.
We will be following each of the above topics and studying them in detail.
Thanks For Reading!!! 😄
Edit:
You can check the Study Notes on my gitbook page
