Call 1-800-305-3855 for  more information on available plans and pricing

Study at your own pace

WAPT comes with life-time access to course material and flexible access to the most sophisticated virtual labs on Web Application Securityi and Penetration Testing: Hera Lab

Extremely Hands-on

Practice Web App Pentesting against a number of real world web applications.

Become Certified

Obtain the eWPT certification and prove your practical skills with the only 100% practical certification on Web Application Penetration Testing

Course at a glance
  • Start from the very basics
  • Covers OWASP TOP 10 2013 and beyond
  • Master Burp Suite
  • In depth Web application analysis and information gathering
  • XSS & SQL Injection
  • Session related vulnerabilites
  • LFI/RFI
  • HTML5 attacks
  • Start fromWeb Application Attacks and land to Network and Infrastructure Penetration Testing
  • Gives you access to dedicated forums
  • Makes you a proficient professional pentester
  • After obtaining the eWPT certification qualifies you for 40 CPE
Course Material
  •     5+ hours of video training material
  •     Over 1800 slides
  •     56 Labs
Course Delivery
  •     Self-paced / HTML5, PDF, MP4
  •     Off-line access available
  •     Access from PC, Tablet and Smartphone
Syllabus
  • Module 1 : Penetration Testing Process

    This module the student will learn the methodologies and the reporting best practice in order to become a confident and professional penetration tester.

  • Module 2 : Introduction to Web Applications

    In this module the student will understand the basics of Web applications. An in-depth coverage of the Same Origin Policy in its latest developments and the Cookie RFC will help experienced and non-experienced penetration testers gain critical foundational skills useful for the rest of the training course.

  • Module 3 : Information Gathering

    Let the Penetration test start! Every penetration test begins with the Information gathering phase.

  • Module 4 : Cross Site Scripting

    In this module he most widespread web application vulnerability will be dissected and studied in all its parts. Students will gain all the skills needed to fully unleash the power of cross site scripting exploitation!

  • Module 5 : SQL Injection

    In this module will be studied the most advanced techniques to find and exploit SQL Injections.

  • Module 6 : Authentication and Authorization

    During this module, the student will learn the most common authentication mechanisms, their weaknesses and the related attacks.

  • Module 7 : Session Security

    The student will learn how sessions work and what are the most common attacking patterns. Moreover they will study how to prevent session attacks.

  • Module 8 : Flash

    The student will first study the Flash security model and its pitfalls. Then will use the most recent tools to find and exploit vulnerabilities in Flash files.

  • Module 9 : HTML5

    In this module we will be discussing the most important elements of HTML5: cross origin resource sharing, cross window messagins, web sockets, sandboxing and web storage. The student will learn how to leverage these features to mount successful attacks.

  • Module 10 : Files and Resources Attacks

    The student will learn how to identify and exploit path traversal, file inclusion and unrestricted file upload vulnerabilities.

  • Module 11 : Other Attacks

    The student will practice a number of vulnerabilities that, despite being less known or publicized, are still affecting a number of web applications.

  • Module 12 : Web Services

    During this highly in depth module the student will first become familiar with web services paradigms and protocols and then learn all the most important related security issues.

  • Module 13 : XPath

    In this module, the student will learn advanced XPath injection techniques, in theory and practice in Hera lab.

Pre-requisites
  • Basic understanding of HTML, HTTP and Javascript.
  • Reading and understanding PHP code will help although it is not mandatory.
  • No web development skills required.
This training course is for…
  • Penetration testers
  • Web developers
  • IT admins and staff
Labs

The WAPT course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience.

Lab IDDescriptionCategory
Lab 1Introduction – 2 Challenging LabsEducational/Challenge
Lab 2Information Gathering – 2 Challenging LabsEducational/Challenge
Lab 3Cross Site Scripting – 7 Challenging LabsEducational/Challenge
Lab 4SQL Injection – 10 Challenging LabsEducational/Challenge
Lab 5Authentication and Authorization – 14 Challenging LabsEducational/Challenge
Lab 6Session Security – 9 Challenging LabsEducational/Challenge
Lab 7Flash Security – 1 Challenging LabEducational/Challenge
Lab 8HTML5 – 4 Challenging LabsEducational/Challenge
Lab 9File and Resources Attacks – 4 Challenging LabsEducational/Challenge
Lab 10Other Attacks – 1 Challenging LabEducational/Challenge
Lab 11Web Services – 4 Challenging LabsEducational/Challenge
Lab 12XPath – 5 Challenging LabsEducational/Challenge

Call 1-800-305-3855 for  more information on available plans and pricing