Train On-Demand
Choose the training you want from 18,000+ videos of instructor-led content. Watch anywhere.
Learn MoreWeb Application Penetration Testing
What about this course?
<br>The Web Application Penetration Testing course provides all the advanced skills necessary to carry out a thorough and professional penetration test against modern web applications. The Penetration Testing Process is among the first topics you will come across, helping you gain confidence with the processes and legal matters involved in a penetration testing engagement. You will learn methodologies and the best practice for reporting in order to become a confident and professional penetration tester. and understand the basics of web applications. In-depth coverage of the Same Origin Policy, encoding, HTTP Protocol and cookies will prove useful for the rest of the training course. Burp and ZAP proxies are also covered at this point. Then a multitude of techniques are presented to collect behavioral, functional, applicative, and infrastructural information. Information gathering is of paramount importance during web app penetration tests. The most widespread web application vulnerabilities will be covered in depth (including how to mitigate them). Specifically, XSS (reflected, stored, DOM), SQLi (In-band, Error-based, Blind), NoSQL attacks, CSRF, path traversal, local file inclusion, remote file inclusion, arbitrary file upload, HTTP response splitting and many other will be covered. Authentication, authorization, Session, Flash and HTML5 attacks are also covered in detail. Finally, this course covers how to perform penetration tests against turnkey CMS solutions and web services (XML-RPC, JSON-RPC, SOAP, RESTful, WSDL, SOAPAction spoofing, etc.)</br> <br>This course is part of the Web Application Penetration Testing Professional Learning path which prepares you for the eWPT exam and certification</br>
Duration
18 hours
Difficulty
professional
INE's world-class IT trainingInstructor for this course
Dimitrios Bougioukas
This course is composed by the following modules
INE's world-class IT training
Module 1
Penetration Testing Process1 video
Penetration Testing Process - Study Guide
Module 2
Introduction6 videos
Introduction - Study Guide
HTTP Cookies and Sessions
Same Origin Policy
Burp Suite
OWASP Zap
Introduction labs
Module 3
Information Gathering7 videos
Information Gathering - Study Guide
Web Application Information Gathering
Subdomain Enumeration
Web Application Fingerprint
Crawling and Spidering
Dirbuster
Information Gathering
Module 4
Cross Site Scripting5 videos
Cross Site Scripting - Study
XSS Reflected and Persistent
XSS DOM
BEEF
Cross Site Scripting
Module 5
SQL Injections8 videos
SQL Injections - Study Guide
SQL Injection Basics
SQLMap Basics
Finding SQL Injections
Exploiting In-Band SQL Injections
Exploiting Error-Based SQL Injection
Exploiting Blind SQL Injections
SQL Injection
Module 6
Authentication and Authorization4 videos
Authentication and Authorization - Study Guide
Username Enumeration
Bypass Authorization
Authentication and Authorization
Module 7
Session Security4 videos
Session Security - Study Guide
Session Hijacking and Fixation
Cross-Site Request Forgery
Session Security
Module 8
Flash2 videos
Flash - Study Guide
Flash Security and Attacks
Module 9
HTML53 videos
HTML5 - Study Guide
HTML5 CORS
HTML5
Module 10
File and Resources Attacks3 videos
File and Resources Attacks - Study Guide
File and Resources Attacks
File and Resources Attacks
Module 11
Other Attacks3 videos
Other Attacks - Study Guide
Clickjacking
Other Attacks
Module 12
Web Services3 videos
Web Services - Study Guide
Web Services: SOAP
Web Services
Module 13
XPath3 videos
XPath - Study Guide
XPATH and XCAT
XPath
Module 14
Penetration Testing Content Management Systems5 videos
Penetration Testing Content Management Systems - Study Guide
Capturing WordPress Credentials for Lateral Movement
Exploiting a Vulnerability in WordPress Core
Exploiting WordPress
Chaining Vulnerabilities To Remotely Extract WP Admin Credentials
Module 15
Penetration Testing NoSQL Databases4 videos
Penetration Testing NoSQL Databases - Study Guide
Redis Exploitation
NoSQL Injections Against MongoDB
CouchDB Exploitation
Nail Your Next Project
Take your technical training into your own hands and stay engaged with our learn-by-doing platform where you can put your skills to the test with hands-on exercises, quizzes, and labs.
Get Hands-On
INE quizzes, labs, projects, and exercises help reinforce your knowledge.
Learn MoreLearning Paths
Organized training helps guide you through the most relevant subjects for certification prep.
Learn MoreAccess to All Courses & Updates
We add new courses and learning materials to the platform weekly so you're always up-to-date.
Learn MoreCommon Course Questions
If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below.
If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.
Do you offer training for all student levels?
Are the training videos downloadable?
I only want to purchase access to one training course, not all of them, is this possible?
Are there any fees or penalties if I want to cancel my subscription?
