eLearnSecurity

WAPTX

Web Application Penetration Testing eXtreme

Curious about this course?

Enroll now and get access to all of our material and labs!

Extremely Hands-on

Practice Web App Pentesting against a number of real-world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab.

Become Certified

Obtain the eWPTX certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing

Course at a glance

  • The most advanced course on Web App Pentesting
  • Based on techniques professional pentesters use
  • Master Advanced Web Application Security tools
  • In-depth Web Application Vulnerabilities analysis
  • XSS, SQL Injection, HTML5 and much more
  • In-depth obfuscation and encoding techniques
  • Bypassing filters and WAF techniques
  • HTML5 attack vectors and exploits
  • From the creators of Coliseum and Hack.me
  • Gives you access to dedicated forums
  • Makes you an advanced Web Application Pentester
  • Qualifies you for 40 CPE after obtaining the eWPTX certification

Course material

  • 4 hours of video training material
  • Over 1100 slides
  • 50 labs in Hera Lab

Course delivery

  • Self-paced
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Syllabus

  • Module 1 : Encoding and Filtering

    Understanding what kind of data encoding is in use and how it works is fundamental to ensuring that tests are performed as intended, which is why this module starts with the basic concepts of Data Encoding. The next section covers Filtering Basics: a brief introduction to working with Regular Expressions, then how to detect, fingerprint and evade Web Application Firewalls, and finally an analysis of the most common client-side defensive mechanisms.

  • Module 2 : Evasion Basics

    To complete the course introduction, this module covers the main Evasion Techniques, starting from Base64 and lesser-known URI obfuscation techniques and concluding with JavaScript and PHP obfuscation techniques.

  • Module 3 : Cross-Site Scripting

    This module is entirely dedicated to Cross-Site Scripting attacks. It starts with a brief recap of the classification and then introduces Advanced Attack Techniques and exotic XSS vectors.

  • Module 4 : XSS - Filter evasion and WAF bypassing

    This module illustrates advanced Filter Evasion and WAF bypassing techniques such as blacklisting, sanitization, browser filters and much more.

  • Module 5 : Cross-Site Request Forgery

    This module is entirely dedicated to Cross-Site Request Forgery attacks. It starts with a brief recap of this vulnerability, then introduces the main Attack Techniques and Vectors, moves on to how to Exploit Weak Anti-CSRF Measures, and concludes with Advanced Exploitation techniques.

  • Module 6 : HTML5

    This module is entirely dedicated to HTML5 and related attacks. It starts with a recap of the technology, analyzing the main features on which to focus the attack phase, and then moves into the main Exploitation techniques and attack scenarios. After analyzing the security concerns introduced by the new HTML5 features, a counterpart section covers the security enhancements and presents the main mechanisms introduced to improve security controls.

  • Module 7 : SQL Injection

    This module is entirely dedicated to SQL Injection attacks. It starts with a brief recap of the main classification of exploitation techniques and then introduces Advanced Attack Techniques.

  • Module 8 : SQLi - Filter Evasion and WAF Bypassing

    In this module the student will learn advanced Filter Evasion and WAF bypassing techniques.

  • Module 9 : XML Attacks

    This module is entirely dedicated to XML attacks. It starts with a recap of the technology and then jumps directly into the main related vulnerabilities, such as XML Tag Injection, XXE, XEE and XPath Injection. Basic and advanced exploitation techniques are analyzed for each of them.

Pre-requisites

  • Understanding of HTML, HTTP and JavaScript.
  • The ability to read and understand PHP code will help, although it is not mandatory.
  • Basic development skills required.

This training course is for...

  • Penetration testers
  • Web developers
  • IT admins and staff

Labs

The WAPTX course is a practice-based curriculum that comes integrated with Hera Lab. When you enroll in WAPTX, you can choose how much Hera Lab time you need: 90/120 days with our Flat model or 90/120 hours with the On-Demand model. The On-Demand model lets you use the lab at any time, enjoying new labs when they are available.

Lab ID   Description                                          Category
Lab 1    XSS - 11 challenging labs                            Educational
Lab 2    XSRF - 5 challenging labs                            Educational
Lab 3    SQL Injection - 10 challenging labs                  Educational
Lab 4    Second-order SQLi - 7 challenging labs               Educational
Lab 5    SQLi Playground - 4 test environments to play with   Educational
Lab 6    XML Injection - 3 challenging labs                   Educational
Lab 7    XML External Entities - 7 challenging labs           Educational
Lab 8    XML Entity Expansion - 4 challenging labs            Educational

Certification

Get eWPTX Certification

eLearnSecurity's eWPTX certification is the most practical AND professionally oriented certification you can obtain in web application penetration testing

Instructor

  • Giuseppe Trotta

    I'm a constant seeker and maker of troubles, virtualization junkie and puzzle addicted. A simple man...with complex tastes. Sometimes I lose myself within [object Window].

Frequently Asked Questions

  • What software/hardware requirements are there?

    Any web browser is supported (for IE, version 8+ is required). If you run Kali Linux/Backtrack as a virtual machine, you will need at least 2GB of RAM. A minimum internet speed of 512 Kbit/s is recommended for video streaming.

  • How do you provide support?

    As soon as you enroll in one of our courses you are provided with access to private forums (subject to the plan selected) where you will find instructors and community managers available to help you 24/7. Support for billing, technical and exam-related questions is also provided by email.

  • How can I pay for the training course fees?

    All major credit cards, Paypal and bank transfer are supported. Installment plans available.

  • What happens when there's a new update to the contents?

    Minor updates such as bug fixes or additional labs are provided for free. Major releases (e.g. upgrade from 2.0 to 3.0) require an upgrade fee. We reserve the right to issue minor or major updates when we see the need.

  • Can I request a refund if contents are too difficult for me?

    We only process refunds/chargebacks for fraudulent transactions.

  • What is the difference between installment and one-off payment plans?

    Subscriptions let you split the enrollment fees over 3 or 4 months. You will receive new content upon every billing cycle. If we don't receive the payment within 14 days from the due date, the account will be frozen until payment is cleared.

  • Can I cancel an installment plan?

    You can cancel your subscription at any time; however, you will lose access to the material you purchased in the meantime.

  • Are there any hidden fees?

    There are no hidden fees. If you are from a country where VAT is required (most EU countries), you have to add VAT to our ticket price. We are legally obligated to collect VAT on your purchases.

Reviews

The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc
