Web Application Penetration Testing


4 Days


Course Description

This training is intended for beginners and intermediates. It teaches how to penetration test a website using the various techniques hackers commonly use, and how to defend against those attacks. Participants are given a dedicated portal to access the modules and supporting files during the course. The training is 80% hands-on practice, delivered in stages of increasing difficulty.

Course Objectives

After attending the course you will be able to:

  • Detect vulnerabilities in web apps
  • Audit, pentest (and hack) web apps
  • Protect web apps from modern attacks
  • Harden web servers and databases
  • Optimize source code

Course Audience

  • System Engineers
  • Web Programmers
  • Geeks & All Other InfoSec Enthusiasts

Course Outline

Introduction to Web Apps

  • bWAPP and bee-box
  • HTTP/HTTPS Basics
  • Building Web Applications (HTML, JavaScript, PHP, ASP,…)
  • Web 2.0
  • Same-Origin Policy
  • Database Technologies
  • Hacktivism and Web Attacks

Penetration Testing

  • Web Application Penetration Testing
  • Black-Box and White-Box Testing
  • Penetration Testing Tools
  • Introduction to Kali Linux (formerly BackTrack)
  • Testing Methodologies
  • Open Web Application Security Project (OWASP)
  • Writing Reports


  • Active vs. Passive
  • Port and Web Scanners
  • Browser Add-ons
  • Crawlers and Brute Forcers
  • Intercepting Proxies

Vulnerabilities & Exploitation

  • Injections (HTML, SSI, Cmd, SQL, Blind SQL, JSON, XML/XPath,…)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Session & Authentication Issues
  • Client Side Attacks
  • Denial-of-Service (DoS)
  • Local Privilege Escalations
  • HTTP Parameter Pollution and Response Splitting
  • File Inclusions (LFI/RFI)
  • Malicious File Uploads (~ webshells)
  • Cross-Domain Attacks
  • ClickJacking & HTML5 Web Storage Issues
  • Parameter Tampering
  • Cryptographic Attacks

Vulnerability Detection

  • Intercepting Proxies
  • Open Source Assessment Tools
  • Commercial Web Scanners

Writing Secure Code

  • Input Validations
  • Stored Procedures
  • Prepared Statements
  • Additional Defenses
  • OWASP Developer Guide

Web Server Hardening

  • Apache and IIS Security
  • PHP Security
  • High Availability Techniques
  • Intrusion Detection and Prevention
  • Web Application Firewalls (WAFs)

Register for Training:

Or contact our marketing team:
Tititn Suryatin  0856 2488 2320 via phone/WhatsApp
Nita 0878 7241 2479 via phone/WhatsApp