Issued by Knight Squad Academy

kWAPTA badge — kWAPTA

This badge is awarded to

Lance Kenji Aranas Parce

Certified Web App Penetration Testing Apprentice

Earn this badge

Certificate ID: KSA-59V8GGZV2503
Issued on: March 25, 2026
Exam version: 1.0
Result: Passed with Merit

Earning criteria

Candidates must achieve at least 85% to earn this badge with merit.

Exam topic breakdown

Reconnaissance & Application Discovery

15%

Identify server-side technologies and application stack components
Extract version information from headers, responses, and exposed metadata
Discover sensitive or restricted endpoints through application behavior
Identify exposed administrative or privileged access paths
Recognize security-relevant information leakage during reconnaissance

HTTP Fundamentals & Request Handling

3%

Identify and test basic HTTP method handling
Identify key request/response headers used by the application
Assess cookie configuration and state-handling controls
Identify weaknesses in request validation for state-changing actions

Client-Side Injection

12%

Identify Cross-Site Scripting (XSS)
Identify HTML Injection
Understand impact of improper input sanitization
Recognize differences between injection types and contexts

Authorization & Access Control Weaknesses

40%

Identify Insecure Direct Object Reference (IDOR) vulnerabilities
Access unauthorized customer or user data
Identify privilege escalation paths between user roles
Gain elevated privileges through logical flaws

Authentication Weaknesses

20%

Identify weaknesses in login flows
Access restricted accounts without proper credentials

File and Path Handling Basics

10%

Assess features for improper file authorization checks
Identify path handling weaknesses

Syllabus distribution (percentages)
Area	Percent
Reconnaissance & Application Discovery	15%
HTTP Fundamentals & Request Handling	3%
Client-Side Injection	12%
Authorization & Access Control Weaknesses	40%
Authentication Weaknesses	20%
File and Path Handling Basics	10%