CCT-App TRAINING

CREST Certified Application Tester Basic Information

• CCT-A Training Training Duration: 35 Hours
• 95.8% Certification Success in First Attempt
• Classroom and Virtual batches available
• Training delivered by Professionals
• Dumps and Simulations available for Practice
• Certified Trainers with enormous industry experience
• Important Insights on Certification preparation

Book Your Course

Prerequisites:

• This training is only intended for individuals preparing for the CCT-A certification exam.

                CREST Tester App Exam Information (English Language)

                 CREST Tester App Exam Info (Other* Languages)

* French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean

Examination format
The format is the same for both the Infrastructure and Application Certified Tester exams.  The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner.  The examination consists of three tasks:

• A multiple-choice written examination
• A hands-on practical examination in two sequential sections. The first component will comprise a Scenario question demarcated from the practical component and designed to mimic the skills required to perform a build review and author a client report on the findings.  The second component will be a practical test (now referred to as an Assault Course)

To pass the exam, the candidate must pass all sections.  The written elements of the examination are delivered at Pearson Vue test centres;  the practical element is delivered at a CREST examination centre.  Candidates must hold a valid pass in the written element of this examination in order to sit the practical element.

CCT App COURSE OVERVIEW:

The CREST CCT Crest Application tester training course will tailor the candidate’s ability to find vulnerabilities in bespoke web applications as CREST CCT Training. The course uses specially designed applications running on a variety of web application platforms and now covers a wider scope than purely traditional web applications to include more recent advances in the field of web application technology and security to pass the CREST CCT Exam .

Objectives

The candidate Taking up CREST CCT Training Course will be expected to demonstrate that they are able to find a range of security flaws and vulnerabilities, including proving the ability to exploit and leverage the flaws to ascertain the impact of the issues found.

Target Audience

Candidates holding CREST Registered Tester certification.

Candidates Preparing for CREST CCT Exam.

Course Syllabus:

Soft Skills and Assessment Management

• Engagement Lifecycle
• Law & Compliance
• Scoping
• Understanding, Explaining and Managing Risk
• Record Keeping, Interim Reporting & Final Results

Core Technical Skills CREST Certified Application Tester

• IP Protocols
• Network Architecture
• Network Routing
• Network Mapping & Target Identification
• Interpreting Tool Output
• Filtering Avoidance Techniques
• Packet Crafting
• OS Fingerprinting
• Application fingerprinting and Evaluating Unknown Services
• Network Access Control Analysis
• Cryptography
• Applications of Cryptography
• File System Permissions
• Audit Techniques

Background Information Gathering & Open Source

• Registration Records
• Domain Name Server (DNS)
• Customer Web Site Analysis
• Google Hacking and Web Enumeration
• NNTP Newsgroups and Mailing Lists
• Information Leakage from Mail & News Headers

Networking Equipment

• Management Protocols
• Network Traffic Analysis
• Networking Protocols
• IPSec
• VoIP
• Wireless
• Configuration Analysis

Microsoft Windows Security Assessment

• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Passwords
• Windows Vulnerabilities
• Windows Patch Management strategies
• Desktop Lockdown
• Exchange
• Common Windows Applications

Unix Security Assessment

• User enumeration
• Unix Vulnerabilities
• FTP
• Sendmail / SMTP
• Network File System (NFS)
• R* services
• X11
• RPC services
• SSH

Web Technologies

• Web Server Operation
• Web Servers & their Flaws
• Web Enterprise Architectures
• Web Protocols
• Web Mark-up Languages
• Web Programming Languages
• Web Application Servers
• Web APIs
• Web Sub-Components

Web Testing Methodologies

• Web Application Reconnaissance
• Threat Modelling and Attack Vectors
• Information Gathering from Web Mark-up
• Authentication Mechanisms
• Authorisation Mechanisms
• Input Validation
• Application Fuzzing
• Information Disclosure in Error Messages
• Use of Cross Site Scripting Attacks
• Use of Injection Attacks
• Session Handling
• Encryption
• Source Code Review

Web Testing Techniques

• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Session ID Attacks
• Fuzzing
• Parameter Manipulation
• Data Confidentiality & Integrity
• Discovery Traversal
• File Uploads
• Code Injection
• CRLF Attacks
• Application Logic Flaws

Databases

• Microsoft SQL Server
• Oracle RDBMS
• Web / App/ Database Connectivity

Audience to the course:

The CREST CCT Training – CREST Certified Application Tester a globally recognized professional requirement in the IT Security domain, is best suited for:

• Professionals Interested in Obtaining the CREST CCT Course Credential
• IT Security Professionals
• IT Auditors
• Managers, Directors and Executives
• System Architects
• Compliance Specialists
• Risk Specialists
• Business Analysts