Call 1-800-305-3855 for more information on available plans and pricing
Study at your own pace
WAPT comes with life-time access to course material and flexible access to the most sophisticated virtual labs on Web Application Securityi and Penetration Testing: Hera Lab
Practice Web App Pentesting against a number of real world web applications.
Obtain the eWPT certification and prove your practical skills with the only 100% practical certification on Web Application Penetration Testing
Course at a glance
- Start from the very basics
- Covers OWASP TOP 10 2013 and beyond
- Master Burp Suite
- In depth Web application analysis and information gathering
- XSS & SQL Injection
- Session related vulnerabilites
- HTML5 attacks
- Start fromWeb Application Attacks and land to Network and Infrastructure Penetration Testing
- Gives you access to dedicated forums
- Makes you a proficient professional pentester
- After obtaining the eWPT certification qualifies you for 40 CPE
- 5+ hours of video training material
- Over 1800 slides
- 56 Labs
- Self-paced / HTML5, PDF, MP4
- Off-line access available
- Access from PC, Tablet and Smartphone
- Module 1 : Penetration Testing Process
This module the student will learn the methodologies and the reporting best practice in order to become a confident and professional penetration tester.
- Module 2 : Introduction to Web Applications
In this module the student will understand the basics of Web applications. An in-depth coverage of the Same Origin Policy in its latest developments and the Cookie RFC will help experienced and non-experienced penetration testers gain critical foundational skills useful for the rest of the training course.
- Module 3 : Information Gathering
Let the Penetration test start! Every penetration test begins with the Information gathering phase.
- Module 4 : Cross Site Scripting
In this module he most widespread web application vulnerability will be dissected and studied in all its parts. Students will gain all the skills needed to fully unleash the power of cross site scripting exploitation!
- Module 5 : SQL Injection
In this module will be studied the most advanced techniques to find and exploit SQL Injections.
- Module 6 : Authentication and Authorization
During this module, the student will learn the most common authentication mechanisms, their weaknesses and the related attacks.
- Module 7 : Session Security
The student will learn how sessions work and what are the most common attacking patterns. Moreover they will study how to prevent session attacks.
- Module 8 : Flash
The student will first study the Flash security model and its pitfalls. Then will use the most recent tools to find and exploit vulnerabilities in Flash files.
- Module 9 : HTML5
In this module we will be discussing the most important elements of HTML5: cross origin resource sharing, cross window messagins, web sockets, sandboxing and web storage. The student will learn how to leverage these features to mount successful attacks.
- Module 10 : Files and Resources Attacks
The student will learn how to identify and exploit path traversal, file inclusion and unrestricted file upload vulnerabilities.
- Module 11 : Other Attacks
The student will practice a number of vulnerabilities that, despite being less known or publicized, are still affecting a number of web applications.
- Module 12 : Web Services
During this highly in depth module the student will first become familiar with web services paradigms and protocols and then learn all the most important related security issues.
- Module 13 : XPath
In this module, the student will learn advanced XPath injection techniques, in theory and practice in Hera lab.
- Reading and understanding PHP code will help although it is not mandatory.
- No web development skills required.
This training course is for…
- Penetration testers
- Web developers
- IT admins and staff
The WAPT course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience.
|Lab 1||Introduction – 2 Challenging Labs||Educational/Challenge|
|Lab 2||Information Gathering – 2 Challenging Labs||Educational/Challenge|
|Lab 3||Cross Site Scripting – 7 Challenging Labs||Educational/Challenge|
|Lab 4||SQL Injection – 10 Challenging Labs||Educational/Challenge|
|Lab 5||Authentication and Authorization – 14 Challenging Labs||Educational/Challenge|
|Lab 6||Session Security – 9 Challenging Labs||Educational/Challenge|
|Lab 7||Flash Security – 1 Challenging Lab||Educational/Challenge|
|Lab 8||HTML5 – 4 Challenging Labs||Educational/Challenge|
|Lab 9||File and Resources Attacks – 4 Challenging Labs||Educational/Challenge|
|Lab 10||Other Attacks – 1 Challenging Lab||Educational/Challenge|
|Lab 11||Web Services – 4 Challenging Labs||Educational/Challenge|
|Lab 12||XPath – 5 Challenging Labs||Educational/Challenge|