Domain overview
Application work is about state, trust, identity and business actions. This domain stays focused on reproducible proof, useful remediation and the patterns that repeatedly produce serious findings.
Related certification context
These paths map closely to application-security work covered on this page.
- OffSec OSWA / WEB-200: Foundational web assessment workflow and practical attack coverage.
- OffSec OSWE / WEB-300: White-box web exploitation, source-guided review and custom exploit logic.
Selected public references
- OWASP WSTG · Latest: owasp.org/www-project-web-security-testing-guide/latest/
- PortSwigger: portswigger.net/web-security
- OWASP Cheat Sheet Series: cheatsheetseries.owasp.org/
- OWASP ASVS: owasp.org/www-project-application-security-verification-standard/
- OWASP API Security: owasp.org/www-project-api-security/
- PortSwigger · Documentation: portswigger.net/burp/documentation
- GitHub · EnableSecurity / wafw00f: github.com/EnableSecurity/wafw00f
Topic index
Introduction
Application work is about trust boundaries, state handling and the business logic that decides what a caller is allowed to do. The domain is built around reproducible validation, useful remediation language and references that stay relevant during a live assessment.
OWASP Top 10 And Web Application Pentesting Theory
Web Application Pentesting Practice
Browser Exploitation Framework (BeEF)
Burp Suite Professional
Web Application Firewall Bypass
Web Vulnerability Assessment (Burp Enterprise)
Web Vulnerability Assessment With Acunetix
Web Vulnerability Assessment With Netsparker
Web Vulnerability Assessment With Intruder.io
Web Vulnerability Assessment With Rapid7 AppSpider
Quick Reference
eWPT - Web Pentesting Certification
