CPSA is an entry-level exam that tests a candidate’s knowledge of assessing operating systems and common network services, and includes intermediate-level web application security testing and methods for identifying common web application security vulnerabilities.
CPSA validates a practitioner’s knowledge of Pen Testing principles beyond terminology. Successful CPSA candidates will be able to demonstrate that they are qualified for hands-on Pen Test roles (indicative of 2 years’ experience) with respect to:
- Soft Skills and Assessment Management
- Core Technical Skills
- Background Information Gathering and Open Source
- Networking Equipment
- Microsoft Windows Security Assessment
- Unix Security Assessment
- Web Testing Methodologies
- Web Testing Techniques
- Databases
Exam Certification Objectives & Outcome Statements
- Soft Skills and Assessment Management
The candidate will understand the Pen Test engagement lifecycle, Applicable Legislation, Scoping Requirements, the risks of a Pen Test, and Record Keeping.
- Core Technical Skills
The candidate will demonstrate an understanding of IP Protocols, Network Architectures, Network Mapping and Target Identification, the interpretation of Tooling Outputs, Filtering Avoidance Techniques, OS and Application Fingerprinting, Network Access Control Analysis, File System Permissions, and Audit Techniques.
- Cryptography
The candidate will have a basic understanding of the concepts of Cryptography and its applications, including Encryption Algorithms, Hashes and Integrity Codes.
- Background Information Gathering and Open Source
The candidate will demonstrate an understanding of Registry Records, DNS, Website Analysis, Search Engines and Enumeration, the exploitation of Newsgroups, how to secure Containers, and the security features provided in macOS.
- Networking Equipment
The candidate will have a basic understanding of Network Management Protocols, Traffic Analysis, Networking Protocols, IPSec, VoIP, Enumeration of Wireless Devices and Encryption Methods, and Configuration Analysis.
- Microsoft Windows Security Assessment
The candidate will have a high-level understanding of Domain Reconnaissance, User Enumeration of Target Systems, Active Directory, Windows Passwords and Cracking, Windows Vulnerabilities, Patch Management Strategies, Desktop Lockdown, MS Exchange and common Windows Applications.
- Unix Security Assessment
The candidate will understand Enumeration of Usernames, Unix Vulnerabilities, FTP, SMTP, NFS, R* Services, X11, RPC Services, and SSH.
- Web Technologies
The candidate will understand Web Server Operations and their flaws, Web Enterprise Architectures, Web Protocols, Web Mark-up and Programming Languages, and Web App Servers, APIs and sub-components.
- Web Testing Methodologies
The candidate will demonstrate a basic understanding of Web App Reconnaissance, Threat Modelling and Attack Vectors, information gathering from Web Mark-up, Authentication and Authorisation, Input Validation for Defensive Coding, information disclosure in Error Messages, XSS and Injection Attacks, Session Handling, and Source Code Review.
- Web Testing Techniques
The candidate will demonstrate how to architect a network to be monitored and controlled to resist intrusion.
- Databases
The candidate will have a high-level understanding of the features of Group Policy and working with INF Security Templates.