Certified Desktop Application Pentester
(CDAPen)
The Certified Desktop Application Pentester (CDAPen) exam is an intermediate-level exam designed to test a candidate’s understanding of fundamental desktop application security concepts. Candidates must be able to demonstrate practical knowledge to conduct a desktop application pentest to pass this exam.
- Thick client and binary exploitation tested
- Under £65 with one free retake
- OWASP Desktop App Top 10 vulnerabilities covered
- Architecture & side-channel flaws
- Practical
- 4 Hours
- Online
- On-demand
- Real world pentesting scenarios
$250.00
$62.5
Our Candidates Say it Best
Jaime Ramírez
Cybersecurity Researcher | CDAPen | CDAPen
I’m the second person in the world to achieve the Certified Desktop Application Pentester (CDAPen) certification by The SecOps Group.
This certification is 100% practical, focused entirely on real-world exploitation of Thick Client (desktop application) vulnerabilities, covering advanced techniques such as reverse engineering, authentication and authorization bypass, binary and memory manipulation, cryptographic weaknesses, and application-level attack chains aligned with the OWASP Desktop Top 10. A truly hands-on and technically demanding experience that reflects the landscape of thick-client security.
Knani Alaaeddine
Offensive Security Engineer | Web & Mobile Pentesting
Glad to share that I’m the 𝗙𝗜𝗥𝗦𝗧 to pass the Certified Desktop Application Pentester (CDAPen) by The SecOps Group (Creators of PentestingExams.com).
Really enjoyed the hands-on lab, practical, realistic, and a great learning experience.
Branimir Petruša
Math teacher | CDAPen
The Certified Desktop Application Pentester (CDAPen) is the latest exam from The SecOps Group (Creators of PentestingExams.com).
It is a 4 hour long practical exam that tests a candidate's understanding of fundamental desktop application security concepts.
Had an absolute blast during exam while testing vulnerable applications.
Who should take the exam?
CDAPen is intended to be taken by pentesters, application security architects, SOC analysts, red and blue team members and any security enthusiasts, who want to evaluate and advance their knowledge.
What is the format of the exam?
CDAPen is an intense 4 hour long practical exam. It requires candidates to solve a number of challenges, identify and exploit various vulnerabilities and obtain flags. The exam can be taken online, anytime (on-demand) and from anywhere. Candidates will need to connect to the exam VPN server to access the vulnerable applications.
What is the pass criteria for the exam?
The pass criteria are as follows:
- Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
- Candidates scoring over 75% marks will be deemed to have passed with merit.
What is the experience needed to take the exam?
This is an intermediate-level exam. Candidates should have prior knowledge and experience in desktop application pentesting. They should have an understanding of common desktop application security-related topics such as the OWASP Desktop App Security Top 10 Risks, commonly identified security misconfigurations, and best security practices. They must demonstrate their practical knowledge of desktop application pentesting by completing tasks that involve identifying and exploiting vulnerabilities created in the exam environment to simulate real-world scenarios.
Note: As this is an intermediate-level exam, a minimum of two years of professional pentesting/bug-bounty experience is recommended.
What will the candidates get?
On completing the exam, each candidate will receive:
- A certificate with their pass/fail and merit status.
- The certificate will contain a certificate number, which can be used by anyone to validate the certificate.
What is the exam retake policy?
Candidates who fail the exam are allowed 1 free exam retake within the exam fees.
What are the benefits of this exam?
The certificate will allow candidates to demonstrate their understanding of desktop application security topics. This will help them advance in their career.
How long is the certificate valid for?
The certificate does not have an expiration date. However, the passing certificate will include details of the exam, such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version as per their convenience.
Are candidates allowed to use AI tools during the exam?
No, candidates are not allowed to use AI in any way during the exam.
What is the refund policy?
All purchases are final. We do not offer refunds once a transaction has been completed.
Will you provide any training that can be taken before the exam?
Being an independent certifying authority, we do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have an adequate understanding, required experience and practical knowledge of these topics. Further, the following independent resources can be used to prepare for the exams.
Learning Resources
Exam Syllabus
Identification and Exploitation of OWASP Desktop Application Security Top 10 Vulnerabilities
Injection Attacks
- SQL Injection
- NoSQL Injection
Authentication-related Vulnerabilities
- Client-side authentication bypass
- Password reset attacks
Authorization and Session Management related flaws –
- Insecure Direct Object Reference (IDOR)
- Parameter Manipulation attacks