Web Penetration Testing

Price
$2,699.00 USD

Duration
4 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Request More Information
Download Course Details
Course Details Only
Course Details & Schedule
Skip to Class Dates

Course Overview

This hands-on live training is designed to take you from beginner to confident web application pentester with no prior hacking experience required. You’ll gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker.

The primary focus is learning by doing, with each module focusing on real-world techniques. You will also receive 12-months access to the full on-demand version of the course to support the reinforcement of classroom learning objectives.

This course includes two Exam Vouchers for TCM Security’s Practical Web Pentest Associate (PWPA) and Practical Web Pentest Professional (PWPP) certifications. Each exam voucher includes 1 exam attempt and is valid for 12-months from the course completion date.

What Is Included

  • 4 Days (32 Hours) of Live Instruction
  • Exam Vouchers:
    • Practical Web Pentest Associate (PWPA) Exam Certification Voucher – Entry Level
    • 1 exam attempt included
    • NO multiple-choice; NO capture the flag
    • 2 days to complete assessment
    • 2 days to complete report
    • Practical Web Pentest Professional (PWPP) Exam Certification Voucher – Intermediate
    • 1 exam attempt included
    • NO multiple-choice; NO capture the flag
    • 3 days to complete assessment
    • 2 days to complete report
  • 10+ Hours on On-Demand Training (12 months access)
  • 30+ Online Labs w/ Access Post-Training (50 hours access)
  • Private Discord Cohort and Instructor Access

Course Objectives

  • The fundamental architecture and functionality of web applications
  • Common server-side vulnerabilities and attack techniques
  • Client-side attack methods and exploitation tactics
  • Scanning tools and techniques used to identify and execute advanced web application attacks

Who Should Attend?

  • Aspiring Penetration Testers and Cybersecurity Professionals
  • Beginner web application penetration testers looking to validate their skills.
  • People who have a keen interest in web applications and how they can be exploited.
  • Individuals looking for extra guidance as they study for the PJPT or PWPA.
  • Anyone looking to advance their knowledge, skills, and methodologies
  • Intermediate-level web app pentesters who are looking to go beyond the fundamentals to understand how web apps work and what makes them vulnerable.
  • People who have a keen interest in web applications and how they can be exploited.
  • Anyone with some experience in web application development looking to gain some experience with security.
  • Students looking to prepare for the Practical Web Penetration Tester (PWPT) exam.
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Learning Credits: Learning Credits can be purchased well in advance of your training date to avoid having to commit to specific courses or dates. Learning Credits allow you to secure your training budget for an entire year while eliminating the administrative headache of paying for individual classes. They can also be redeemed for a full year from the date of purchase. If you have previously purchased a Learning Credit agreement with New Horizons, you may use a portion of your agreement to pay for this class.

If you have questions about Learning Credits, please contact your Account Manager.

Course Prerequisites

No pre-requisite knowledge required other than general computer use

Agenda

Day 1 – How Web Apps Work

  • Introduction
  • How Web Apps Work
  • Intro to HTTP
  • Broken Authentication
  • Broken Access Control
  • SQL Injection

Day 2 – Server-Side Attacks

  • SQL Injection
  • Command Injection
  • XML External Entity (XXE) Injection
  • Directory Traversal

Day 3 – Server-Side Attacks and Client-Side Attacks

  • File Upload
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)

Day 4 – Scanning and More Advanced Attacks

  • Scanning, Filter Bypasses, WAF Bypasses
  • Logic Bugs
  • Building a Methodology
  • Performing a Web App Pentest
 

Upcoming Class Dates and Times

Aug 22, 29, Sept 5, 12
9:00 AM - 5:00 PM
ENROLL $2,699.00 USD
Weekday Sessions /
Virtual: Online - EST
Nov 21, Dec 5, 12, 19
9:00 AM - 5:00 PM
ENROLL $2,699.00 USD
Weekday Sessions /
Virtual: Online - EST
CourseID: 3606117E
               
 



Do You Have Additional Questions? Please Contact Us Below.

contact us contact us 
Contact Us about Starting Your Business Training Strategy with New Horizons