KAS Certified Web Application Security Professional

The self-learning course is FREE. Only the (optional) one-to-one coaching and certification require payment.


The course material presented herein is to be used for educational purposes only. It is intended to impart knowledge related to “Computer Security” and is in no way related to “CRACKING” or “HACKING” (unethical).

KAS does not condone illegal, unethical or irresponsible actions.

Students are strictly warned not to use the knowledge and skills they gained during the course/workshops for malicious attacks, nor to attempt to access without authority or compromise any programme or data held in any computer, regardless of the intent. Any such acts may be in contravention of the law and you will bear full and sole responsibility for your actions.

Table of Contents

Cyber Crime Defined

Security Policies

To get WebGoat, visit www.owasp.org

Broken Access Control

Cryptographic Failure ~ Sensitive Data Exposure

Injection Attack Defined

Structured Query Language Injection (SQLi)

Insecure Design

Security Misconfiguration

Vulnerable & Outdated Components

Identification & Authentication Failure

Software & Data Integrity Failure

Security Logging & Monitoring Failure

TODO Server-Side Request Forgery

XML External Entity (XXE) Attack

Buffer Overflow

(DNS) Cache Poisoning