Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.
With increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading. As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks which typically result from flawed coding, and failure to sanitize input to and output from the web application.
The goal of this specialty domain is to identify professionals with excellent skills in hacking, auditing and securing web applications.
|Web Application Penetration Tester||Information Security Lead – Web Security|
|Web Security Specialist||Quality Analyst – Web App Security|
|Web Application Security Manager||Web Security Tester|
|Web Security Analyst||Sr.Analyst Web App Vulnerability Management|
The Web Application Security Lab exam is based on the following domains: