What is CP-AAST?

CP-AAST stands for “Certified Professional – Agile Application Security Testing”.
CP-AAST is the first step in the application security testing roadmap. Certified CP-AAST professionals are eligible for the next level of certification, called CP-MAAST (Master of Agile Application Security Testing).
The knowledge, experience and certification are consciously designed to focus on “application security testing”.

How is it useful?

Learn application security fundamentals along with testing fundamentals, and deep dive into OWASP testing concepts and mindset with CP-AAST. Showcase your knowledge of application security testing through CP-AAST. Prepare yourself to further your journey into application testing through this foundational application security testing certification course. CP-AAST also helps participants test for loopholes in the development process and enhances the security of the tested applications.


Am I Eligible?

There are no prerequisites for this certification. The minimum qualification required is graduation in any stream.


CP-AAST is a 3-day program emphasizing OWASP and application security testing practices.

  1. Basics of Agile and need of Security Testing in Agile projects
    • Learn the basics of Agile and Scrum. Understand the need for security testing in agile projects and when security testing should be done during agile projects.
  2. Application Security Testing Fundamentals
    • The key to success in web application penetration testing is to understand exactly the attacker's perspective. Participants will be introduced to the basic methodology of testing, protocols and client/server architecture. Furthermore, participants will be introduced to the three stages of application security testing: reconnaissance, listing and exploitation.
  3. OWASP (Open Web Application Security Testing Project)
    • OWASP is the open source initiative focusing on application security testing, and it is accepted worldwide. Participants will be introduced to the common flaws in development based on the OWASP 2013 list. More emphasis will be given to Injection and Cross-Site Scripting (XSS).
  4. Practical Testing
    • Practice all the fundamentals of application testing throughout the course in a virtual environment using the Samurai framework and the Metasploit framework. Experience practical application testing by executing various open source tools against test websites and enhance your testing knowledge. Finally, the participants will be able to write a simple report that can be presented to the management.