Authentication Weaknesses
20%- Identify weaknesses in login flows
- Access restricted accounts without proper credentials
Issued by
Knight Squad Academy
This badge is awarded to
Waris Damkham
Certified Web App Penetration Testing Apprentice
Earn this badge- Certificate ID
KSA-UGSEKSEJ2501- Issued on
- January 25, 2026
- Exam version
- 1.0
- Result
- Passed with Merit
Earning criteria
Candidates must achieve at least 85% to earn this badge with merit.
Exam topic breakdown
Authorization & Access Control Weaknesses
40%- Identify Insecure Direct Object Reference (IDOR) vulnerabilities
- Access unauthorized customer or user data
- Identify privilege escalation paths between user roles
- Gain elevated privileges through logical flaws
Client-Side Injection
12%- Identify Cross-Site Scripting (XSS)
- Identify HTML Injection
- Understand impact of improper input sanitization
- Recognize differences between injection types and contexts
File and Path Handling Basics
10%- Assess features for improper file authorization checks
- Identify path handling weaknesses
HTTP Fundamentals & Request Handling
3%- Identify and test basic HTTP method handling
- Identify key request/response headers used by the application
- Assess cookie configuration and state-handling controls
- Identify weaknesses in request validation for state-changing actions
Reconnaissance & Application Discovery
15%- Identify server-side technologies and application stack components
- Extract version information from headers, responses, and exposed metadata
- Discover sensitive or restricted endpoints through application behavior
- Identify exposed administrative or privileged access paths
- Recognize security-relevant information leakage during reconnaissance
| Area | Percent |
|---|---|
| Authentication Weaknesses | 20% |
| Authorization & Access Control Weaknesses | 40% |
| Client-Side Injection | 12% |
| File and Path Handling Basics | 10% |
| HTTP Fundamentals & Request Handling | 3% |
| Reconnaissance & Application Discovery | 15% |