
The Web Application Penetration Testing course provides all the advanced skills necessary to carry out a thorough and professional penetration test against modern web applications. The Penetration Testing Process is among the first topics you will come across, helping you gain confidence with the processes and legal matters involved in a penetration testing engagement. You will learn methodologies and best practices for reporting in order to become a confident and professional penetration tester, and understand the basics of web applications. In-depth coverage of the Same Origin Policy, encoding, the HTTP protocol and cookies will prove useful for the rest of the training course. The Burp and ZAP proxies are also covered at this point. Then a multitude of techniques are presented to collect behavioral, functional, applicative, and infrastructural information. Information gathering is of paramount importance during web app penetration tests. The most widespread web application vulnerabilities will be covered in depth (including how to mitigate them). Specifically, XSS (reflected, stored, DOM), SQLi (in-band, error-based, blind), NoSQL attacks, CSRF, path traversal, local file inclusion, remote file inclusion, arbitrary file upload, HTTP response splitting and many others will be covered. Authentication, authorization, session, Flash and HTML5 attacks are also covered in detail. Finally, this course covers how to perform penetration tests against turnkey CMS solutions and web services (XML-RPC, JSON-RPC, SOAP, RESTful, WSDL, SOAPAction spoofing, etc.).

This course is part of the Web Application Penetration Testing Professional Learning path, which prepares you for the eWPT exam and certification.
Instructor for this course
Dimitrios Bougioukas
Penetration Testing Process - Study Guide
Introduction - Study Guide
HTTP Cookies and Sessions
Same Origin Policy
Burp Suite
OWASP Zap
Introduction labs
Information Gathering - Study Guide
Web Application Information Gathering
Subdomain Enumeration
Web Application Fingerprint
Crawling and Spidering
Dirbuster
Information Gathering
Cross Site Scripting - Study
XSS Reflected and Persistent
XSS DOM
BEEF
Cross Site Scripting
SQL Injections - Study Guide
SQL Injection Basics
SQLMap Basics
Finding SQL Injections
Exploiting In-Band SQL Injections
Exploiting Error-Based SQL Injection
Exploiting Blind SQL Injections
SQL Injection
Authentication and Authorization - Study Guide
Username Enumeration
Bypass Authorization
Authentication and Authorization
Session Security - Study Guide
Session Hijacking and Fixation
Cross-Site Request Forgery
Session Security
Flash - Study Guide
Flash Security and Attacks
HTML5 - Study Guide
HTML5 CORS
HTML5
File and Resources Attacks - Study Guide
File and Resources Attacks
File and Resources Attacks
Other Attacks - Study Guide
Clickjacking
Other Attacks
Web Services - Study Guide
Web Services: SOAP
Web Services
XPath - Study Guide
XPATH and XCAT
XPath
Penetration Testing Content Management Systems - Study Guide
Capturing WordPress Credentials for Lateral Movement
Exploiting a Vulnerability in WordPress Core
Exploiting WordPress
Chaining Vulnerabilities To Remotely Extract WP Admin Credentials
Penetration Testing NoSQL Databases - Study Guide
Redis Exploitation
NoSQL Injections Against MongoDB
CouchDB Exploitation