Call 1-800-305-3855 for more information on available plans and pricing
Study at your own pace
WAPTX comes with life-time access to course material and flexible access to the most sophisticated virtual labs on Network and Web Application Security.
Practice Web App Pentesting against a number of real world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab
Obtain the eWPTX certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing
Course at a glance
- The most advanced course on Web App Pentesting
- Based on techniques professional pentesters uses
- Master Advanced Web Application Security tools
- In depth Web Application Vulnerbailities analysis
- XSS, SQL Injection, HTML5 and much more
- In depth obfuscation and encoding techniques
- Bypassing filters and WAF techniques
- HTML5 attacks vectors and exploits
- From the creators of Coliseum and Hack.me
- Gives you access to dedicated forums
- Makes you an advanced Web Application Pentester
- After obtaining the eWPTX certification qualifies you for 40 CPE
- 4 hours of video training material
- Over 1100 slides
- 50 Labs
- Self-paced / HTML5, PDF, MP4
- Off-line access available
- Access from PC, Tablet and Smartphone
- Module 1 : Encoding and Filtering
Understanding what kind of data encoding is being used and how it works is fundamental in ensuring that the tests are performed as intended, that’s why this module starts with the basics concept of Data Encoding. The next section is all about Filtering Basics, starting from a brief introduction on how to deal with Regular Expression, to understanding how to detect, fingerprint and evade Web Application Firewalls to finally conclude with analyzing the most common Client-side defensive mechanism.
- Module 2 : Evasion Basics
- Module 3 : Cross-Site Scripting
This module is entirely dedicate to Cross-site Scripting attacks. It starts from a brief recap of the classification and after that introduces Advanced Attack Techniques and exotic XSS vectors.
- Module 4 : XSS – Filter evasion and WAF bypassing
This module illustrates advanced Filter Evasion and WAF bypassing techniques such as blacklisting, sanitization, browser filters and much more.
- Module 5 : Cross-Site Request Forgery
This module is entirely dedicate to Cross-Site Request Forgery attacks. It starts from a brief recap about this vulnerability and after that introduces the main Attack Techniques and Vectors in order to introduce later how to Exploit Weak Anti-CSRF Measures and to conclude Advanced Exploitation techniques.
- Module 6 : HTML5
This module is entirely dedicate to HTML5 and related attacks. It starts from a recap and more about this technology analyzing the main features on which to focus the attack phase. After that, it comes alive with the main Exploitation techniques and attack scenarios. After analyzed the security concerns introduced with the new HTML5 features, there is an opposite section dedicated to the security enhancements. Here are presented the main mechanisms introduced to improve the security controls.
- Module 7 : SQL Injection
This module is entirely dedicate to SQL Injection attacks. It starts from a brief recap of the main classification about the exploitation techniques and after that introduces Advanced Attack Techniques.
- Module 8 : SQLi – Filter Evasion and WAF Bypassing
In this module the student will learn advanced Filter Evasion and WAF bypassing techniques.
- Module 9 : XML Attacks
This module is entirely dedicate to XML attacks. It starts from a recap and more about this technology and after that jumps directly into the main related vulnerabilities such as XML Tag Injcetion, XXE, XEE and XPath Injection. For each of them are analyzed basic and advanced exploitation techniques.
- Reading and understanding PHP code will help although not mandatory.
- Basic development skills required.
This training course is for…
- Penetration testers
- Web developers
- IT admins and staff
The WAPTX course is a practice-based curriculum that comes integrated with Hera Lab. When you enroll in WAPTX, you can choose how much Hera lab time you need: 90/120 days with our Flat model or even 90/120 hours with the On-Demand model. The On-Demand model lets you use the lab at any time, enjoying new labs when they are available.
|Lab 1||XSS – 11 challenging labs||Educational|
|Lab 2||XSRF – 5 challenging labs||Educational|
|Lab 3||SQL Injection – 10 challenging labs||Educational|
|Lab 4||Second-order SQLi – 7 challenging labs||Educational|
|Lab 5||SQLi Playground – 4 test environments to play with||Educational|
|Lab 6||XML Injection – 3 challenging labs||Educational|
|Lab 7||XML External Entities – 7 challenging labs||Educational|
|Lab 8||XML Entity Expansion – 4 challenging labs||Educational|