Use this quick start guide to collect all the information about GIAC GWEB Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Certified Web Application Defender (GWEB) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Web Application Defender (GWEB) certification exam.
The GIAC GWEB certification is mainly targeted to those candidates who want to build their career in Cloud Security domain. The GIAC Web Application Defender (GWEB) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GWEB.
GIAC GWEB Exam Summary:
| Exam Name | GIAC Web Application Defender (GWEB) |
| Exam Code | GWEB |
| Exam Price | $979 (USD) |
| Duration | 180 mins |
| Number of Questions | 75 |
| Passing Score | 68% |
| Books / Training | |
| Schedule Exam | Pearson VUE |
| Sample Questions | GIAC GWEB Sample Questions |
| Practice Exam | GIAC GWEB Certification Practice Exam |
GIAC GWEB Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Access Control |
- The candidate will demonstrate understanding of access control attacks and mitigation strategies, as well as applying the best practice in avoiding access control issues.
|
|
AJAX Technologies and Security Strategies
|
- The candidate will demonstrate an understanding of Asynchronous JavaScript and XML (AJAX) architecture, common attacks against AJAX technologies and best practices for securing applications using AJAX.
|
| Authentication |
- The candidate will demonstrate understanding of web authentication, single sign on methods, third party session sharing and common weaknesses, as well as how to develop test strategies, and apply best practices.
|
|
Cross Origin Policy Attacks and Mitigation
|
- The candidate will demonstrate an understanding of methods attackers use to circumvent single origin policy enforcement and best practices for preventing, detecting or mitigating these attacks in web applications.
|
| CSRF |
- The candidate will demonstrate understanding of the conditions that make a CSRF attack possible, the steps an attacker takes and how to mitigate CSRF attacks.
|
|
Encryption and Protecting Sensitive Data
|
- The candidate will demonstrate understanding of how cryptographic components work together to protect web application data in transit and in storage and also when and where to use encryption or tokenization to protect sensitive information.
|
|
File Upload, Response Readiness, Proactive Defense
|
- The candidate will demonstrate an understanding of incident response as well as file upload, logging, and anti automation issues
|
|
Input Related Flaws and Input Validation
|
- The candidate will demonstrate understanding of SQL injection, Cross site Scripting, HTTP Response splitting, and how to protect against them with proper input validation
|
|
Leading Edge Technologies and Web Security
|
- The candidate will demonstrate an understanding of leading edge web application security issues and technologies
|
|
Modern Application Framework Issues and Serialization
|
- The candidate will demonstrate understanding of miscellaneous security technolgies and techniques associated with web application security including REST, Java Frameworks, Serialization, and Browser Defense
|
|
Security Testing
|
- The candidate will demonstrate an understanding of how to detect and respond to incidents and conduct security testing in the web application environment.
|
|
Session Security & Business Logic
|
- The candidate will demonstrate understanding of what sessions are, how to test and mitigate common weaknesses, and how to properly implement session tokens and cookies in a web application as well as security issues associated with business logic.
|
|
Web Application and HTTP Basics
|
- The candidate will demonstrate understanding of the building blocks of web applications and how components work together to provide HTTP content as well as high level attack trends.
|
|
Web Architecture and Configuration
|
- The candidate will demonstrate an understanding of web application architecture and controls needed to secure servers and services that host web applications.
|
|
Web Services Security
|
- The candidate will demonstrate an understanding of Service Oriented Architecture (SOA), common attacks against web services components (SOAP, XML, WSDL, etc) and best practices for securing web services.
|
To ensure success in GIAC GWEB certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Certified Web Application Defender (GWEB) exam.