Web Application Penetration Testing


8 Days

Download Full Syllabus Request a Quote
All Our Courses Now Also LIVE

Course Outline

The 8-day Web Application Penetration Testing course teaches participants the fundamentals of penetrating web applications and how to exploit a variety of known vulnerabilities. Participants will be introduced to many techniques used by pentesters and learn how to check for most security vulnerabilities, how to identify security bugs and many more practical skills. The course is geared towards hands-on practitioners and includes a variety of live demonstrations and immersive exercise labs. This course features hands-on simulations provided by @Cywar – a gamified training and assessment platform by HackerU Solutions.

Upon course completion, participants will be able to: ו Test web applications and exploit a broad range of vulnerabilities ו Perform lesser-known functions and tricks in order to overcome seemingly impenetrable apps or web functions ו Perform JavaScript basics in order to run penetration tests on a broad level while understanding its impact on security at large

Upcoming Meetings


Web Fundamentals
  • Web Technologies Overview
  • Browser tools & Debugging
  • OWASP Top10
Web Server Installation
  • Apache Secure Installation
  • Apache Secure Configuration
  • Hardening Apache
Traffic Manipulation
  • Burp Suite
  • OWASP Zap
  • Web Site Enumeration
  • Web Application Brute-Force Challenge
Web Cryptography
  • SSL vs TLS
  • Cipher Suites
  • OpenSSL – CA vs self-signed certificates
Introduction to Client-Side Attacks
  • Reflected XSS
  • Stored XSS
Authorization & Authentication
  • CSRF
  • Broken Authentication
  • Broken Authorization
  • Session Attacks
XML Attacks
  • Configuring & Maintaining Databases
  • MariaDB
  • SQL Syntax
Marinating Databases
  • Error-Based SQL Injection
  • Union-Based SQL Injection
  • Data Exfiltration
  • Injection Automation
Advanced SQLi
  • Blind SQL Injection
  • Time-based injection
  • NoSQL Injection
XML Injection
  • XML Usage in Web Applications
  • XXE
  • SSRF
  • SSRF through XXE
PHP Vulnerabilities
  • PHP Programming
  • PHP Vulnerabilities
  • Insecure Input Filtration
LFI/RFI & Directory Traversal
  • LFI
  • RFI
  • Directory Traversal
WordPress Hacking
  • Content management Systems
  • WPScan
  • WordPress Enumeration
File Upload
  • File Upload
  • PHP Shells
File Upload
  • Nessus
  • Qualys
  • Writing Reports
Web Hacking Challenges
  • Web Hacking Challenges (CyWar.HackerU.com)


  • Knowledge in Information Security, Computer Networking and Common Protocols is a must
  • Familiarization with ethical hacking and/or infrastructure hacking
  • Basic knowledge of web development (HTML, CSS, JavaScript, etc.) is an advantage but not required

Upcoming Meetings

Participants will be introduced to many techniques used by pentesters and learn how to check for most security vulnerabilities"
Download Full Syllabus

Target Audience

    • Israel
    • Poland
    • USA
    • Russia
    • India
    Skip to content