Call 1-800-305-3855 for more information on available plans and pricing

Study at your own pace

WAPTX comes with lifetime access to course material and flexible access to the most sophisticated virtual labs on Network and Web Application Security.

Extremely Hands-on

Practice Web App Pentesting against a number of real-world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab.

Become Certified

Obtain the eWPTX certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing.

Course at a glance
  • The most advanced course on Web App Pentesting
  • Based on techniques professional pentesters use
  • Master Advanced Web Application Security tools
  • In-depth Web Application Vulnerabilities analysis
  • XSS, SQL Injection, HTML5 and much more
  • In-depth obfuscation and encoding techniques
  • Bypassing filters and WAF techniques
  • HTML5 attack vectors and exploits
  • From the creators of Coliseum and Hack.me
  • Gives you access to dedicated forums
  • Makes you an advanced Web Application Pentester
  • Qualifies you for 40 CPE after obtaining the eWPTX certification
Course Material
  • 4 hours of video training material
  • Over 1100 slides
  • 50 Labs
Course Delivery
  • Self-paced / HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone
Syllabus
  • Module 1 : Encoding and Filtering

    Understanding what kind of data encoding is in use and how it works is fundamental to ensuring that tests are performed as intended, which is why this module starts with the basic concepts of Data Encoding. The next section covers Filtering Basics: it starts with a brief introduction to working with Regular Expressions, moves on to how to detect, fingerprint and evade Web Application Firewalls, and concludes by analyzing the most common client-side defensive mechanisms.

  • Module 2 : Evasion Basics

    To complete the course introduction, this module covers the main Evasion Techniques, starting from Base64 and lesser-known URI obfuscation techniques and concluding with JavaScript and PHP obfuscation techniques.

  • Module 3 : Cross-Site Scripting

    This module is entirely dedicated to Cross-Site Scripting attacks. It starts with a brief recap of the classification and then introduces Advanced Attack Techniques and exotic XSS vectors.

  • Module 4 : XSS – Filter evasion and WAF bypassing

    This module illustrates advanced Filter Evasion and WAF bypassing techniques such as blacklisting, sanitization, browser filters and much more.

  • Module 5 : Cross-Site Request Forgery

    This module is entirely dedicated to Cross-Site Request Forgery attacks. It starts with a brief recap of this vulnerability, then introduces the main Attack Techniques and Vectors, moves on to how to Exploit Weak Anti-CSRF Measures, and concludes with Advanced Exploitation techniques.

  • Module 6 : HTML5

    This module is entirely dedicated to HTML5 and related attacks. It starts with a recap of the technology, analyzing the main features on which to focus the attack phase, and then moves on to the main Exploitation techniques and attack scenarios. After analyzing the security concerns introduced by the new HTML5 features, a complementary section covers the security enhancements, presenting the main mechanisms introduced to improve security controls.

  • Module 7 : SQL Injection

    This module is entirely dedicated to SQL Injection attacks. It starts with a brief recap of the main classification of exploitation techniques and then introduces Advanced Attack Techniques.

  • Module 8 : SQLi – Filter Evasion and WAF Bypassing

    In this module the student will learn advanced Filter Evasion and WAF bypassing techniques.

  • Module 9 : XML Attacks

    This module is entirely dedicated to XML attacks. It starts with a recap of the technology and then moves directly to the main related vulnerabilities, such as XML Tag Injection, XXE, XEE and XPath Injection. Basic and advanced exploitation techniques are analyzed for each of them.

Pre-requisites
  • Understanding of HTML, HTTP and JavaScript.
  • Reading and understanding PHP code will help, although it is not mandatory.
  • Basic development skills required.
This training course is for…
  • Penetration testers
  • Web developers
  • IT admins and staff
Labs

The WAPTX course is a practice-based curriculum that comes integrated with Hera Lab. When you enroll in WAPTX, you can choose how much Hera Lab time you need: 90/120 days with our Flat model or even 90/120 hours with the On-Demand model. The On-Demand model lets you use the lab at any time, enjoying new labs when they are available.

Lab ID | Description | Category
Lab 1 | XSS – 11 challenging labs | Educational
Lab 2 | XSRF – 5 challenging labs | Educational
Lab 3 | SQL Injection – 10 challenging labs | Educational
Lab 4 | Second-order SQLi – 7 challenging labs | Educational
Lab 5 | SQLi Playground – 4 test environments to play with | Educational
Lab 6 | XML Injection – 3 challenging labs | Educational
Lab 7 | XML External Entities – 7 challenging labs | Educational
Lab 8 | XML Entity Expansion – 4 challenging labs | Educational
