WAPT comes with lifetime access to course material and flexible access to the most sophisticated virtual labs on Web Application Security and Penetration Testing: Hera Lab.
Enroll now and get access to all of our material and labs!
In this module the student will learn the methodologies and the reporting best practices needed to become a confident and professional penetration tester.
In this module the student will understand the basics of Web applications. An in-depth coverage of the Same Origin Policy in its latest developments and the Cookie RFC will help experienced and non-experienced penetration testers gain critical foundational skills useful for the rest of the training course.
Let the Penetration test start! Every penetration test begins with the Information gathering phase.
In this module the most widespread web application vulnerability will be dissected and studied in all its parts. Students will gain all the skills needed to fully unleash the power of cross site scripting exploitation!
In this module the student will study the most advanced techniques to find and exploit SQL Injections.
During this module, the student will learn the most common authentication mechanisms, their weaknesses and the related attacks.
The student will learn how sessions work and what the most common attack patterns are. Moreover, they will study how to prevent session attacks.
The student will first study the Flash security model and its pitfalls. Then they will use the most recent tools to find and exploit vulnerabilities in Flash files.
In this module we will be discussing the most important elements of HTML5: cross origin resource sharing, cross window messaging, web sockets, sandboxing and web storage. The student will learn how to leverage these features to mount successful attacks.
The student will learn how to identify and exploit path traversal, file inclusion and unrestricted file upload vulnerabilities.
The student will practice a number of vulnerabilities that, despite being less known or publicized, are still affecting a number of web applications.
During this highly in-depth module the student will first become familiar with web services paradigms and protocols and then learn all the most important related security issues.
In this module, the student will learn advanced XPath injection techniques, in theory and in practice in Hera Lab.
The WAPT course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience.
|Lab 1|Introduction - 2 Challenging Labs|Educational/Challenge|
|Lab 2|Information Gathering - 2 Challenging Labs|Educational/Challenge|
|Lab 3|Cross Site Scripting - 7 Challenging Labs|Educational/Challenge|
|Lab 4|SQL Injection - 10 Challenging Labs|Educational/Challenge|
|Lab 5|Authentication and Authorization - 14 Challenging Labs|Educational/Challenge|
|Lab 6|Session Security - 9 Challenging Labs|Educational/Challenge|
|Lab 7|Flash Security - 1 Challenging Lab|Educational/Challenge|
|Lab 8|HTML5 - 4 Challenging Labs|Educational/Challenge|
|Lab 9|File and Resources Attacks - 4 Challenging Labs|Educational/Challenge|
|Lab 10|Other Attacks - 1 Challenging Lab|Educational/Challenge|
|Lab 11|Web Services - 4 Challenging Labs|Educational/Challenge|
|Lab 12|XPath - 5 Challenging Labs|Educational/Challenge|
Armando Romeo is the founder and CEO of eLearnSecurity. Prior to founding eLearnSecurity he spent 5 years in web application security research, with hundreds of vulnerability advisories released. Armando currently leads the R&D team and inspires new projects and new training activities.
Domenico has been with eLearnSecurity since day 0 and now serves as CTO and Tech lead of all the R&D projects. In 2010 Domenico brought the Coliseum Framework to life. The Coliseum today allows free 100% practical training through the HACK.ME project, of which Domenico is Tech lead. Domenico has authored all the materials appearing in the WAPT v1 and over 30 labs.
Francesco Stillavato is Senior IT Security researcher and instructor at eLearnSecurity with 7 years of experience in different aspects of Information Security. His experience spans from web application secure coding to secure network design. He has contributed to the Joomla project as a Developer and has conducted a number of assessments as a freelancer. Francesco Stillavato's research is now focused on Mobile Application Penetration Testing on Android and iOS. Publications: Francesco is the co-author of the Penetration Testing Professional, Mobile Application Security and Penetration Testing, Penetration Testing Student, Web Application Penetration Testing courses and author of many Hera Lab scenarios. Education: Francesco Stillavato holds a Master's Degree in Information Security from Università di Pisa.
Davide Girardi is an instructor at eLearnSecurity with 9 years of experience in attacking and defending enterprise systems and networks. Davide has a strong technical background in network security and efficiency. Davide's research focuses on exploit development and advanced attacks. He is co-author of the Penetration Testing Student course and author of many Hera Lab scenarios. Education: Davide holds a Master's Degree in Computer Engineering and Computer Science.
Any web browser is supported (for IE, version 8+ is required). If you run Kali Linux as a virtual machine you will need at least 2GB of RAM. A minimum internet speed of 512 Kbit/s is recommended for video streaming.
As soon as you enroll in one of our courses you are provided with access to private forums (subject to the plan selected) where you will find instructors and community managers available to help you 24/7. Support for billing, technical and exam-related questions is also provided by email.
All major credit cards, PayPal and bank transfer are supported. Installment plans are available.
Minor updates such as bug fixes or additional labs are provided for free. Major releases (e.g. upgrade from 2.0 to 3.0) require an upgrade fee. We reserve the right to issue minor or major updates when we see the need.
We only process refunds/chargebacks for fraudulent transactions.
Subscriptions let you split the enrollment fees over 3 or 4 months. You will receive new content upon every billing cycle. If we don't receive the payment within 14 days from the due date, the account will be frozen until payment is cleared.
You can cancel your subscription at any time, however you will lose access to the material you purchased in the meantime.
There are no hidden fees. If you are from a country where VAT is required (most EU countries), you have to add VAT to our ticket price. We are legally obligated to collect VAT on your purchases.
The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen.
Manager Consulting Pty Ltd
Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.
eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.
Timothy E. Everson