
Hack2Secure WASD Candidate Reference Guide

The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation-level skills required for Web Application Security Assessment. The program ensures the candidate's awareness of Application Security Challenges, Risk, Tools, Techniques and methodologies, along with hands-on practical knowledge and skill-sets.

Uploaded by

Javved

WASD

Learn to Detect, Test & Mitigate Web Security Attacks

Candidate Reference Guide

www.hack2secure.com | certificate@hack2secure.com
Hack2Secure WASD Certification: Candidate Reference Guide 1

Table of Contents

About WASD Exam
Who Should Take this Exam
How to Get Certified
Exam Objectives
How to prepare for the Exam
About Web Application Security Testing Workshop
Frequently Asked Questions (FAQ)
About Hack2Secure

To Schedule WASD Exam, www.pearsonvue.com/hack2secure


About WASD Exam

Globally Available | Proctored | 180 mins | 90 MCQ | Passing Grade: 60% | Exam Language: English

The Web Application Security Defender (WASD) Certificate program evaluates an individual's implementation-level
skills required for Web Application Security Assessment. The program ensures the candidate's awareness of
Application Security Challenges, Risk, Tools, Techniques and methodologies, along with hands-on practical
knowledge and skill-sets.

WASD is based on Application Security Industry Standards and Best Practices and ensures Knowledge and
Understanding of Secure Web Application Assessment requirements. It walks through the different
phases/domains of Application Security Testing and provides the practical strategies and methodologies
required to evaluate Security at every level.

Evaluate your Skills in Web Application Security Assessment

Phases of Web Application Security Assessment
Defining Objectives
Information Gathering
Conduct Assessment
o Configuration & Deployment Management
o Identity Management
o Authentication and Authorization
o Session Management
o Input Validation
o Error Handling
o Testing Cryptography
o Business Logic Testing
o Client Side Testing
Reporting

Benefits
Validates your practical expertise and knowledge in Web Application Security Assessment
Get Global Recognition and Credibility
Ensures Real Time skills required to handle Web Application Security Risk
Demonstrate knowledge of Industry Standards and Best Practices
Ensures effective skills to measure and implement Security Controls

For more details, visit www.hack2secure.com/wasd



Who Should Take this Exam?

Security Team
Security Engineers and Testers
Application/Software Penetration Testers
Application/Software Security Analyst
Security Consultants
Auditors, Product Security Office
Security Managers

Software Development Team
Application/Software Developers
Quality Assurance Team
Application/Software Architects
Software Consultants
Research Engineers
Team Leads, Technical Managers

Student
Students [Management & Technical Stream] looking to pursue a Career in Web Application Security Assessment/Testing

Student
Anyone who wants to evaluate his skills in Web Application Security Assessment/Testing

How to Get Certified?

Step#1: Register
Create an Account at the PearsonVUE Portal
www.pearsonvue.com/hack2secure

Step#2: Schedule the Exam
For a step-by-step guide to Registering and Scheduling an Exam, refer to the
Hack2Secure Candidate Registration and Exam Scheduling Guide

Step#3: Appear for the Exam
Appear for the exam on the scheduled date and time with 2 ID proofs
For details visit: www.hack2secure.com/exam

Step#4: Get Certified
Successfully complete the Exam
180 mins | 90 MCQ | 60% Passing Grade


EXAM OBJECTIVES

Module#1: Introduction to Web Application Security
The candidate needs to demonstrate an understanding knowledge on Web Application Security and Testing methodologies along with understanding of Assessment Tools. Understanding and Best Practices for HTTP and HTTPS protocol.
About World Wide Web (WWW)
Web Application Security Testing
o Introduction, Approach and Scope
HTTP Protocol
o Request and Response Analysis
o Related Security Concerns
HTTPS Protocol
o About SSL/TLS wrapper over HTTP
o Testing Methods and Best Practices
Web Proxies & Web Vulnerability Scanners

Module#2: Gathering Information
The Candidate needs to demonstrate an understanding knowledge about Reconnaissance (Web) using both Active and Passive methods. Exploring Google and Public Sources for Information Leakage. Scanning and Fingerprinting Server for Services, Configurations and Implementation flaws.
Open Source Intelligence
Google for Security Assessment
Spidering Files & Directories
Fingerprinting Services & Configurations
Exploring Hidden Locations

Module#3: Authentication, Authorization & Accountability
The Candidate needs to demonstrate an understanding knowledge about Authentication, Authorization and Accountability, related Security concerns and best practices.
Authentication
o Mechanism, Types & Schemes
Username harvesting, Cracking Weak Passwords
Authorization
o Process and related Security Concerns
Accountability and potential Information Leakage Points

Module#4: Session Management
The Candidate needs to demonstrate an understanding knowledge about Web Session, related Attributes, Security Flaws and Best Practices
How HTTP maintains the State and related Security concerns
Security best Practices for Session Management
Exploiting Session Information
Web Cookie Security Flags and Attributes

Module#5: Injection Attacks
The Candidate needs to demonstrate an understanding knowledge about Command Injection, Local & Remote File Inclusion Vulnerabilities. SQL Injection Attack and Testing methods
Command Injection
o About, Testing Methods
Local & Remote File Inclusion Vulnerabilities
SQL Injection
o About, Types & Attack Scope
o Testing Methods

Module#6: Cross Site Scripting
The Candidate needs to demonstrate an understanding knowledge about Cross Site Scripting (XSS) attacks and testing methods. AJAX and JSON Security Concerns
Cross Site Scripting (XSS)
o About, Types & Attack Scope
o Testing Methods
HTML Injection
Security concerns related with AJAX & JSON

Module#7: Web Application Filters & Firewall
The Candidate needs to demonstrate an understanding knowledge about Web Application Filters & Firewalls, their testing and bypassing techniques.
Web Application Filters
o About, Types & Attack Methods
Web Application Firewall
o About, types & Attack Methods


HOW TO PREPARE
Once you have decided to get the WASD Certification, you can start preparing for it. There
are various options for candidates to prepare for the WASD Exam.

Option #1: Industry Experience
NO specific training is required for WASD Certification. You can rely on your practical Industry
experience or exposure to the required tools and techniques for this exam.

Option #2: Self Study
You can opt for any available sources of information, like Books, Online Trainings, Webinars etc.,
covering the certification syllabus/topics.

Option #3: Web Application Security Testing Workshop
You can join the Web Application Security Testing Workshop, exclusively delivered by Hack2Secure or by our
Partners, to gain the required knowledge and skill about the subject.

WORKSHOP: WEB APPLICATION SECURITY TESTING

7 DAYS | HANDS-ON | LAPTOP REQUIRED | 42 CPEs | WASD CURRICULUM

Hack2Secure's Workshop on Web Application Security Testing provides hands-on exposure, using both
Real-Time scenarios and a Simulated Lab environment, to the required Tools and Techniques for different Web
Security Risks and Attack vectors.
Scoped around the OWASP Web Application Security Testing Guide, these intensive practical sessions provide
a deep-dive into the practical tips and tricks required to evaluate, test and assess the Security of a Web Application.

Key Take-Away
Active and Passive Reconnaissance methods
Google Hacking and Deep-Web
SSL/TLS Handshake and Testing methods
Scanning, Fingerprinting and Spidering
Authentication, Authorization and Accountability
Session Management & related Attacks
Cross Site Request Forgery
Python and JavaScript for Security Testers
SQL Injection
Local and Remote File Inclusion Vulnerabilities
Cross Site Scripting
Format String Vulnerabilities
Web Application Filters & Firewalls
W3af, Nikto, Metasploit Framework
BeEF, XSSer, SQLmap, Nmap, Recon-ng
Burp Suite and Zed Attack Proxy (ZAP)

For more details, Web Application Security Testing Workshop: www.hack2secure.com/wastws



FREQUENTLY ASKED QUESTIONS (F.A.Q.)

Step#1: Exam Registration

How to register for WASD Exam?
Visit www.pearsonvue.com/hack2secure and Create an Account by
providing the required details.
Complete the Registration Process with correct details, as
these details will be used for further communication.
For a Detailed Step-by-step Registration Guide, refer to the
Hack2Secure Candidate Registration and Exam Scheduling Guide

Who can register for WASD Exam?
The WASD Exam is Open for All. It can be taken by Technical Professionals,
Management and Students. This program has scope for everyone,
regardless of their Role and Responsibility in the Web Application Security
Assessment Process.
If you are confident enough in your skills and knowledge of Web
Application Security and related Practices, this Challenge is for you to
get Assessment, Accreditation and Certification to boost your
Professional career scope and opportunities. Or if you want to
evaluate your Web Security process maturity level and evaluate
yourself on the same, this Program will definitely assist you by providing
real time challenges and scenarios.

I will register now, but will write the exam later. Can I do that?
Yes, this is possible. There is no restriction on writing the exam within a certain period of time after
scheduling. You can choose to Schedule the Exam anytime and earn the WASD Exam certificate on passing the exam.

Why do I have to provide my address when registering for an exam?
During each exam registration, you will be prompted to provide a mailing address. This information is used by
Pearson VUE to provide you with all the testing centres in your area when you are scheduling your exam.
Please provide a valid and current mailing address. We cannot accept PO Boxes or APO/FPO/DPO addresses.

Step#2: Exam Scheduling

When can I schedule my Exam?
You can appear for the WASD exam at any PearsonVUE Authorized Test Center (ATC), and scheduling of the exam
depends completely on the available slots at your preferred/nearest ATC. The exam should be scheduled at least 24
hours prior to your preferred exam delivery time.


How to Schedule WASD Exam?
To Schedule the Exam, refer to the Hack2Secure Candidate Registration and Exam Scheduling Guide.
Ensure that you Read and Agree with the Hack2Secure Policies and that your Name matches the documents provided
under the Admission Policy.

Can I Reschedule or Cancel my Exam?
You can Re-schedule your exam but cannot cancel it.
Re-scheduling should be done at least 24 hrs before the Exam delivery Time. You can re-schedule the Exam either
using your Pearson Account or by Contacting PearsonVUE Customer Care.

Step#3: Exam Delivery

How are the exams delivered?
Hack2Secure exams are delivered in a proctored environment at any Pearson Vue ATC.

What should I expect on the day of the exam?
Pearson Vue has created a video to guide you with some tips about your exam day. For more exam
details Click here.

What do I need to bring at the Exam delivery day?
You are required to carry two Government ID Proofs with your name, signature and Photograph. For details
about ID Policies Click here.

Why do I need to show related Documents while appearing for the Exam?
Candidates need to adhere to the Hack2Secure Exam Policies. This is required to ensure a smooth Exam process
globally, to assure that the correct candidate is taking the exam, and to avoid any discrepancy among candidates. At
the Pearson Test Center, the Proctor will validate your Registered Name against the provided documents. He will
also validate your Signature and capture your Photograph.
Refer: Hack2Secure Candidate Testing Policy, Hack2Secure Candidate ID Policy

Will I be able to see my results immediately after exam?
Yes. Soon after you finish your exam you will see your result in the form of pass/fail on screen. However, the
detailed copy of the score report can be collected from the test administrator.

Step#4: Retake Policies

I did not PASS in my first attempt and want to Re-take Exam. What should I do now?
You can always Re-Take the Exam. Refer to the Hack2Secure Retake Policy.


I Passed the Exam. Can I Re-take to Improve my Score?
No, once you have passed the exam you cannot take the same exam again for the next 4 years.

General

Can I attempt a WASD certification exam without formal training?
Yes, the WASD Certification exam can be taken without prior Hack2Secure Certification Training if you are
confident enough about your subject knowledge and skills. However, it is always recommended to take the
necessary training before appearing for the exam, which will help to bridge the knowledge gap.

How soon after the proctored exam will I receive the Hack2secure certificate?
After Successful completion of a Hack2secure Certification exam, the soft copy of the Certificate will be
delivered to the email address provided within 7-10 business days.

Can I request a Hard/Framed Copy of my certificate?
Hack2Secure does not provide any framed copy of a certificate unless there is a corporate request for the
same.

Can I see what I got wrong on my exam?
Unfortunately, we can't provide a question-by-question breakdown of what you got right and what you got
wrong. If we did so, it would reveal too much information about the exam and possibly compromise the exam's
integrity for future students.
If you had issues with specific questions, you can note that in your exam evaluation form or send an email to
certificate@hack2secure.com, and our team will get back to you within 5 business days. We do review the
exams regularly for quality and review any questions that a student flags as potentially problematic.


About Hack2Secure
Hack2Secure
Inspire, Induce, Innovate

The IT Industry has evolved from standalone desktops and independent applications to a Complex Cloud
environment. Today technology has become advanced enough to reduce costs in terms of hardware, software,
development and maintenance; however, this has created an increased risk to SECURITY.

Hack2Secure excels in the Information Security Domain and offers customised IT Security programs, including
Training, Services and Solutions. Our programs are designed by industry experts and tailored to specific
needs. We strive to serve with quality, efficiency, and timely delivery through our team of experienced and
certified professionals in Information Security. We help students, professionals and companies with the
knowledge, tools and guidance required to be at the forefront of a vital and rapidly changing IT industry.

End-to-End Security Services
Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security Threats
through adaptive and proactive Security methods like
Secure Software Development Lifecycle
Secure Application Design & Threat Modeling
Application Security Testing
Application/Network/Infrastructure Risk Assessment
Consulting

Security Training
Vendor Independent, Customizable, Across Domains, Multiple Levels
Hack2Secure excels in delivering intensive, immersion security training sessions designed to master the
practical steps necessary for defending systems against dangerous security threats. Our wide range of
fully customizable training courses allows individuals to master different aspects of Information Security as
per their industry requirement and convenience.
Delivered Training to more than 15k+ Professionals Globally
Customizable Security Training Programs, aligned with Business Requirements

Security Certification
Globally delivered and Proctored Security Certification programs with PearsonVUE
Vendor Independent Programs based on Industry Security Standards and Practices

For more details, visit www.hack2secure.com/about-us


www.hack2secure.com | info@hack2secure.com
HACK2SECURE
Information Security Training, Services & Solutions to keep you at forefront of the IT Industry

www.hack2secure.com
certificate@hack2secure.com
@hack2secure
Hack2Secure.India
+91 (80) 49 58 32 99
+91 (80) 49 58 33 99

Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase,
J.P. Nagar, Bangalore, Karnataka, 560078
