eLearnSecurity

WAPTX v2

Web Application Penetration Testing eXtreme

Extremely Hands-on

Practice Web App Pentesting against a number of real-world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab.

Become Certified

Obtain the eWPTXv2 certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing.

Course at a glance

  • The most advanced course on Web App Pentesting
  • Based on techniques professional pentesters use
  • Master advanced Web Application attacks & security tools
  • In-depth Web Application Vulnerabilities analysis
  • Covers XSS, SQL Injection, HTML5 and much more
  • In-depth obfuscation and encoding techniques
  • Bypassing filters and WAF techniques included
  • Explore HTML5 and XML attack vectors and exploits
  • Explore advanced PHP, Java, Deserialization, LDAP, Server Side, and Authentication/SSO attacks
  • Learn effective API & Cloud-powered Application penetration testing
  • Demystifies Java RCE internals, attacking RMI-based JMX services, JNDI injection attacks, PHP Object Instantiation, PHP Type Juggling, constructing Property Oriented Programming chains and attacking memory-unsafe languages
  • Access to dedicated forums
  • Makes you an advanced Web Application Pentester
  • Obtaining the eWPTX certification qualifies you for 40 CPE

Course material

  • HQ video training material
  • 1750+ slides
  • 70+ Hera labs

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Syllabus

  • Module 1 : Encoding and Filtering

    The first module of this course is not just another module on encoding. It provides some esoteric encoding skills that will be helpful during the rest of the course. Understanding what kind of data encoding is used and how it works is fundamental and ensures that the tests are performed as intended, which is why this module starts with the basic concept of data encoding. The module then covers filtering basics, starting from a brief introduction on how to deal with regular expressions, to understanding how to detect, fingerprint and evade web application firewalls. We conclude by analyzing the most common client-side defensive mechanisms.

  • Module 2 : Evasion Basics

    The Evasion Basics module provides advanced coverage of most modern filter evasion techniques using different client-side and server-side languages. To ensure that you have a complete understanding of filters and encoding, the module introduces the main evasion techniques, starting from Base64 and lesser-known URI obfuscation techniques and concluding with JavaScript and PHP obfuscation techniques.

  • Module 3 : Cross-Site Scripting

    Module three is entirely dedicated to cross-site scripting attacks. It starts with a brief recap of the different types of XSS and then introduces advanced attacking techniques and exotic XSS vectors. This module also covers how to use the most advanced tools available and exploit any XSS.

  • Module 4 : XSS - Filter Evasion and WAF Bypassing

    In this module, the student will learn about advanced filter evasion and WAF bypassing techniques. Starting from simple blacklisting filters, the student will go through different mechanisms to bypass common input sanitization techniques, browser filters and much more. The student will not only find a number of well-known vectors but will also understand how to find new ones. At the end of this module, the student will be able to recognize the presence of WAFs and filters and implement effective bypassing techniques.

  • Module 5 : Cross-Site Request Forgery

    This module is entirely dedicated to Cross-Site Request Forgery attacks. It starts with a brief recap of this vulnerability, then introduces the main attack techniques and vectors, moves on to exploiting weak anti-CSRF measures, and concludes with advanced exploitation techniques.

  • Module 6 : HTML5

    Module six is entirely dedicated to HTML5 and its attack vectors. It starts with a recap of this language, analyzing the main features to focus our security research, and then dives deep into the main exploitation techniques and attack scenarios. Once the security concerns related to HTML5 features are analyzed, the student will learn about the most common security mechanisms developers use. These are critical in understanding how to leverage even more sophisticated attacks. The module concludes with an analysis of the UI redressing attacks and an overview of related attack vectors introduced with HTML5.

  • Module 7 : SQL Injection

    This module is entirely dedicated to SQL injection attacks. It recaps the main classification of exploitation techniques and then introduces advanced attack techniques on different DBMSs.

  • Module 8 : SQLi - Filter Evasion and WAF Bypassing

    In this advanced module, the student will learn about advanced filter evasion and WAF bypassing techniques. These foundational skills will be necessary to understand and master further techniques. By the end of this module, the student will be able to recognize the presence of WAFs and filters and implement effective bypassing techniques.

  • Module 9 : XML Attacks

    Module nine is entirely dedicated to XML attacks. It starts with a recap of this language and then dives into the most modern attacks, such as XML Tag Injection, XXE, XEE, and XPath Injection. For each of them, basic and advanced exploitation techniques are analyzed. By the end of this module, the student will be able to pentest complex applications using XML.

  • Module 10 : Attacking Serialization (NEW!)

    In this module, you will learn about serialization and deserialization in Java, PHP, and .NET. We also present untypical serialization that you may come across during web application penetration testing. By the end of the module, you should have a better understanding of serialization mechanisms and how to find/exploit untrusted deserialization in common web technologies.

  • Module 11 : Server Side Attacks (NEW!)

    In this module, you will come to understand how user-supplied input can sometimes be insecurely handled by back-end logic, as well as learn how to find and exploit server-side bugs. Specifically, during this module, you will learn how Server Side Request Forgery, Server Side Include, Edge Side Include, Server Side Template Injection, and Expression Language Injection attacks work. Attacking XSLT engines is also covered. Note that the abovementioned attacks can have quite an impact on the overall security of an application since they can lead to not only sensitive information leakage but remote code execution as well.

  • Module 12 : Attacking Crypto (NEW!)

    This module will focus on identifying and attacking flawed or poorly constructed crypto implementations. Attacks such as Known Plaintext, Padding Oracle, Hash Length Extension and Authorization bypass via .NET machine key will be covered.

  • Module 13 : Attacking Authentication & SSO (NEW!)

    In module thirteen, you will have the opportunity to study advanced attacks against various Authentication and Single Sign On implementations. Before covering the attacks, you will dive into each implementation’s internals, security shortcomings, and common misconfigurations. SAML, OAuth, JWT, and others will be covered.

  • Module 14 : Pentesting APIs & Cloud Applications (NEW!)

    APIs can be found in any IT aspect nowadays, from web and mobile applications all the way to IoT solutions and the cloud. It is of paramount importance for a penetration tester to be able to perform a thorough penetration test against an API. This module will cover in detail the most effective attacking tactics against APIs and Cloud-powered applications.

  • Module 15 : Attacking LDAP-based Implementations (NEW!)

    For numerous reasons, a web application can make use of LDAP (query objects from a directory database, authentication, management, etc.). In this module, you will learn how to exploit vulnerable LDAP-based implementations. Specifically, you will learn all about LDAP basics, LDAP injections, and LDAP manipulation/poisoning.

Pre-requisites

  • Deep understanding of HTML, HTTP, Server-side languages, XML, JavaScript.
  • Good understanding and practical proficiency of XSS, XSRF, SQLi and basic HTML5 attacks.
  • Ability to read and understand PHP code will help, although it is not mandatory.
  • Basic development skills required.

This training course is for...

  • Penetration Testers
  • Web developers
  • IT admins and staff

Labs

The WAPTX course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN. Modules will be accompanied by hands-on labs.

Lab ID | Description | Category
Lab 1 | XSS - 11 challenging labs - The Find Me! labs do not need any kind of introduction! Each level generates HTML in an unsafe way and you have to bypass some server-side PHP filters. | Practical
Lab 2 | XSRF - 5 challenging labs - In these labs, you are a soft-administrator of the Pawn Own Shop! and have decided to add your friend Malice to the administrator list. However, you are unable to, as only Mrs. Gallegos can do it. | Practical
Lab 3 | SQL Injection - 10 challenging labs - You are a pentester, and "Web statistics" hired you to pentest their browser statistics application. The application stores information about browsers in a DB. | Practical
Lab 4 | Second-order SQLi - 7 challenging labs - In this SQL Injection second-order lab, you will have to find and exploit a SQL injection and use different techniques to bypass filters and application security mechanisms. | Practical
Lab 5 | SQLi Playground - 4 test environments to play with - In this SQL Injection Playground lab, you can test any query on different DBMSs and Operating Systems. By opening the page http://info.sqli.test the student can access the main page of the lab and select the DBMS to use (MySQL Win/Lin, MSSQL and Oracle). | Practical
Lab 6 | XML Injection - 3 challenging labs - In the XML TAG (Fragment Injection) labs, you will learn how to attack XML parsers in order to inject contextualized data that will alter the structure of the document without changing its validity. | Practical
Lab 7 | XML External Entities - 7 challenging labs - In the XML eXternal Entities Injection labs, you will learn how to exploit this kind of vulnerability, overcoming difficulty levels of increasing complexity. Note, the first levels are easy but are fundamental to build the advanced exploitation required in the final levels. | Practical
Lab 8 | XML Entity Expansion - 4 challenging labs - During these labs, the student will learn how to exploit XML Entities eXpansion overcoming increasingly difficult levels. The initial levels are easy but fundamental to build the advanced exploitation required in the final levels. | Practical
Lab 9 | Deserialization Playground - 4 challenging labs - • Java Insecure Deserialization (2 scenarios): You are placed in an unknown network. Find and exploit the vulnerable web application. Your target is to identify the vulnerability, find exploitable conditions, and achieve remote code execution. • PHP Insecure Deserialization: You are presented with a web application of unknown purpose. Discover its mechanics and achieve code execution. • .NET Insecure Deserialization: You are placed in an unknown network. Examine the target machine and find a SOAP-based .NET deserialization vulnerability. | Practical
Lab 10 | Server Side Attacks - 2 challenging labs - • SSRF to RCE: Your target is an application server. Your goal is to find an SSRF vulnerability and use it to speak with a restricted service. The ultimate goal is to achieve remote code execution. While this challenge might look like a sophisticated lab task, this is a multi-staged exploit chain that has already been met multiple times in real-life scenarios. The lab is an educational one, so feel free to use the hints placed in the lab manual. • Insecure RMI: You are placed in an unknown network. Using nmap, discover a Remote Method Invocation interface and achieve code execution. | Educational
Lab 11 | Java Application Attacks - 2 challenging labs - • HTML Adapter to Root: You are placed in an unknown network. Using nmap, discover an administrative console and explore it in order to find a critical misconfiguration. • Insecure RMI: You are placed in an unknown network. Using nmap, discover a Remote Method Invocation interface and achieve code execution. | Practical
Lab 12 | Padding Oracle Attack - In this lab, students will have the opportunity to perform a padding oracle attack against a vulnerable application. | Practical
Lab 13 | Attacking OAuth - In this lab, students will have the opportunity to attack and exploit an insecure OAuth implementation. Always consult with the manual. | Practical
Lab 14 | Null Origin Exploitation - There is a sample website that holds a secret token. Your task is to prepare an exploit that takes advantage of a CORS configuration on secret.php and, once opened in another tab, access and send the secret information to another place in the same way an XSS can steal a cookie. | Practical
Lab 15 | Attacking LDAP - In this lab, students will have the opportunity to practice LDAP injection. | Practical
Lab 16 | Advanced Web Application Exploitation - 11 challenging labs - In this lab, students will have the opportunity to explore and practice Java RCE internals, attacking RMI-based JMX services, JNDI injection attacks, PHP Object Instantiation attacks, PHP Type Juggling, constructing Property Oriented Programming chains and attacking memory-unsafe languages. | Practical

Certification

Get the eWPTXv2 Certification

eLearnSecurity's eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme) certification is the most practical and professionally oriented certification you can obtain in web application penetration testing.

Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a web application. This penetration test is modeled after a real-world scenario.

Not only do you have to try different methodologies to conduct a thorough penetration test, but you will also be asked to write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.

Instructors

  • Łukasz Mikuła

    Łukasz Mikuła is a self-taught white-hat hacker and penetration tester who enjoys both learning and sharing his knowledge with others. Upon reaching a certain level of expertise in the field of IT Security, he started working as a penetration tester for a financial institution where he performed various tasks related to penetration testing: application and network security assessment, reverse engineering and red teaming. He has many vulnerabilities submitted and accepted by vendors like IBM and Oracle, which is visible in their patch advisories. Currently, Łukasz is an IT Security Trainer and Researcher at eLearnSecurity, where he continues to share his passion and knowledge of the field to help others learn and grow in their careers. In his spare time, he is an active penetration tester and still sharpens his skills by participating in bug bounty programs, as well as helping companies and organizations build secure environments.

  • Dimitrios Bougioukas

    Dimitrios Bougioukas, Training Director of eLearnSecurity, holds a B.Sc. in Computer Science from the Athens University of Economics and Business. He has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a Penetration Tester within EY's practice, and as a Senior IT Security Researcher and Trainer within eLearnSecurity. Dimitrios specializes in advanced cyber threat simulation, threat intelligence, and purple team tactics. He has been engaged in numerous penetration testing activities against critical infrastructure, web applications, and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgments from security, telecom, and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG, etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.

Previous Authors

Previous Authors include Giuseppe Trotta

Reviews

The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen.

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc
