WAPTX comes with life-time access to course material and flexible access to the most sophisticated virtual labs on Network and Web Application Security.
Enroll now and get access to all of our material and labs!
Plans and Pricing
The first module of this course is not just another module on encoding. It provides some esoteric encoding skills that will be helpful during the rest of the course. Understanding what kind of data encoding is used and how it works is fundamental and ensures that the tests are performed as intended, which is why this module starts with the basic concept of data encoding. The Encoding and Filtering module is about filtering basics, starting from a brief introduction on how to deal with regular expression, to understanding how to detect, fingerprint and evade web application firewalls. We conclude by analyzing the most common client-side defensive mechanism.
Module three is entirely dedicated to cross-site scripting attacks. It starts with a brief recap of the different types of XSS and then introduces advanced attacking techniques and exotic XSS vectors. This module also covers how to use the most advanced tools available and exploit any XSS.
In this module, the student will learn about advanced filter evasion and WAF bypassing techniques. Starting from simple blacklisting filters, the student will go through different mechanisms to bypass common input sanitization techniques, browser filters and much more. The student will not only find a number of well-known vectors but will also understand how to find new ones. At the end of this module, the student will be able to recognize the presence of WAF’s and filters and implement effective bypassing techniques.
This module is entirely dedicated to Cross-Site Request Forgery attacks. It starts from a brief recap about this vulnerability and then introduces the main Attack Techniques and Vectors in order to later introduce how to Exploit Weak Anti-CSRF Measures and to conclude Advanced Exploitation techniques.
Module six is entirely dedicated to HTML5 and its attack vectors. It starts with a recap of this language, analyzing the main features to focus our security research, and then dives deep into the main exploitation techniques and attack scenarios. Once the security concerns related to HTML5 features are analyzed, the student will learn about the most common security mechanisms developers use. These are critical in understanding how to leverage even more sophisticated attacks. The module concludes with an analysis of the UI redressing attacks and an overview of related attack vectors introduced with HTML5.
This module is entirely dedicated to SQL injection attacks, which recaps the main classification of exploitation techniques and then introduces advanced attack techniques on different DBMS’s.
In this advanced module, the student will learn about advanced filter evasion and WAF bypassing techniques. These foundational skills will be necessary to understand and master further techniques. By the end of this module, the student will be able to recognize the presence of WAF’s and filters and implement effective bypassing techniques.
Module nine is entirely dedicated to XML attacks, which starts with a recap of this language and then dives into the most modern attacks, such as XML Tag Injection, XXE, XEE, and XPath Injection. For each of them, basic and advanced exploitation techniques are analyzed. By the end of this module, the student will be able to pentest complex applications using XML.
In this module, you will learn about serialization and deserialization in Java, PHP, and .NET. We also present untypical serialization that you may come across during web application penetration testing. By the end of the module, you should have a better understanding of serialization mechanisms and how to find/exploit untrusted deserialization in common web technologies.
In this module, you will come to understand how user-supplied input can sometimes be insecurely handled by back-end logic, as well as learn how to find and exploit server-side bugs. Specifically, during this module, you will learn how Server Side Request Forgery, Server Side Include, Edge Side Include, Server Side Template Injection, and Expression Language Injection attacks work. Attacking XSLT engines is also covered. Note that the abovementioned attacks can have quite an impact on the overall security of an application since they can lead to not only sensitive information leakage but remote code execution as well.
This module will focus on identifying and attacking flawed or poorly constructed crypto implementations. Attacks such as Known Plaintext, Padding Oracle, Hash Length Extension and Authorization bypass via .NET machine key will be covered.
In module thirteen, you will have the opportunity to study advanced attacks against various Authentication and Single Sign On implementations. Before covering the attacks,you will dive into each implementation’s internals, security shortcomings, and common misconfigurations. SAML, OAuth, JWT, and others will be covered.
APIs can be found in any IT aspect nowadays, from web and mobile applications all the way to IOT solutions and the cloud. It is of paramount importance for a penetration tester to be able to perform a thorough penetration test against an API. This module will cover in detail the most effective attacking tactics against APIs and Cloud-powered applications.
For numerous reasons, a web application can make use of LDAP (query objects from a directory database, authentication, management, etc.). In this module, you will learn how to exploit vulnerable LDAP-based implementations. Specifically, you will learn all about LDAP basics, LDAP injections, and LDAP manipulation/poisoning.
The WAPTX course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN. Modules will be accompanied by hands-on labs.
|Lab 1||XSS - 11 challenging labs-The Find Me! labs do not need any kind of introduction! Each level generates HTML in an unsafe way and you have to bypass some server-side PHP filters.||Practical|
|Lab 2||XSRF - 5 challenging labs-In these labs, you are a soft-administrator of the Pawn Own Shop! and have decided to add your friend Malice to the administrator list. However, you unable to, as only Mrs. Gallegos can do it.||Practical|
|Lab 3||SQL Injection - 10 challenging labs-You are a pentester, and "Web statistics" hired you to pentest their browsers statistic application. The application stores information about browsers in a DB.||Practical|
|Lab 4||Second-order SQLi - 7 challenging labs-In this SQL Injection second-order lab, you will have to find and exploit a SQL injection and use different techniques to bypass filters and application security mechanisms.||Practical|
|Lab 5||SQLi Playground - 4 test environments to play with-In this SQL Injection Playground lab, you can test any query on different DMBS's and Operating Systems. By opening the page http://info.sqli.test the student can access the main page of the lab andselect the DMBS to use (MySQL Win/Lin, MSSQL and Oracle).||Practical|
|Lab 6||XML Injection - 3 challenging labs-In the XML TAG (Fragment Injection) labs, you will learn how to attack XML parsers in order to inject contextualized data that will alter the structure of the document without changing its validity.||Practical|
|Lab 7||XML External Entities - 7 challenging labs-In the XML eXternal Entities Injection labs, you will learn how to exploit this kind of vulnerability, overcoming difficulty levels of increasing complexity. Note, the first levels are easy but are fundamental to build the advanced exploitation required in the final levels.||Practical|
|Lab 8||XML Entity Expansion - 4 challenging labs-During these labs, the student will learn how to exploit XML Entities eXpansion overcoming increasingly difficult levels. The initial levels are easy but fundamental to build the advanced exploitation required in the final levels.||Practical|
|Lab 9||Deserialization Playground - 4 challenging labs - • Java Insecure Deserialization (2 scenarios): You are placed in an unknown network. Find and exploit the vulnerable web application. Your target is to identify the vulnerability, find exploitable conditions,and achieve remote code execution. • PHP Insecure Deserialization: You are presented with a web application of unknown purpose. Discover its mechanics and achieve code execution. • PHP Insecure Deserialization: You are presented with a web application of unknown purpose. Discover its mechanics and achieve code execution. • .NET Insecure Deserialization: You are placed in an unknown network. Examine the target machine and find a SOAP-based .NET deserialization vulnerability.||Practical|
|Lab 10||Server Side Attacks - 2 challenging labs- • SSRF to RCE: Your target is an application server. Your goal is to find a SSRF vulnerability and use it to speak with a restricted service. The ultimate goal is to achieve remote code execution. While this challenge might look like a sophisticated lab task, this is a multi-staged exploit chain that has already been met multiple times in real-life scenarios. The lab is an educational one, so feel free to use the hints placed in the lab manual. • Insecure RMI: You are placed in an unknown network. Using nmap, discover a Remote Method Invocation interface and achieve code execution.||Educational|
|Lab 11||Java Application Attacks - 2 challenging labs- • HTML Adapter to Root: You are placed in an unknown network. Using nmap, discover an administrative console and explore it in order to find a critical misconfiguration. • Insecure RMI: You are placed in an unknown network. Using nmap, discover a Remote Method Invocation interface and achieve code execution.||Practical|
|Lab 12||Padding Oracle Attack-In this lab, students will have the opportunity to perform a padding oracle attack against a vulnerable application||Practical|
|Lab 13||Attacking OAuth-In this lab, students will have the opportunity to attack and exploitaninsecure OAuth implementation.Always consult with the manual.||Practical|
|Lab 14||Null Origin Exploitation-There is a sample website that holds a secret token. Your task is to prepare an exploit that takes advantage of a CORS configuration on secret.php and, once opened in another tab, access and send the secret information to another place in the same way an XSS can steal a cookie.||Practical|
|Lab 15||Attacking LDAP-In this lab, students will have the opportunity to practice LDAP injection.||Practical|
|Lab 16||Advanced Web Application Exploitation - 11 challenging labs - In this lab, students will have the opportunity to explore and practice Java RCE internals, attacking RMI-based JMX services, JNDI injection attacks, PHP Objection Instantiation attacks, PHP Type Juggling, constructing Property Oriented Programming chains and attacking memory-unsafe languages||Practical|
eLearnSecurity's eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme) certification is the most practical and professionally oriented certification you can obtain in web application penetration testing.
Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a web application. This penetration test is modeled after a real-world scenario.
Not only do you have to try different methodologies to conduct a thorough penetration test, but you will also be asked to write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.
Łukasz Mikuła is a self-taught white-hat hacker and penetration tester who enjoys both learning and sharing his knowledge with others. Upon reaching a certain level of expertise in the field of IT Security, he started working as a penetration tester for a financial institution where he performed various tasks related to penetration testing: application and network security assessment, reverse engineering and red teaming. He has many vulnerabilities submitted and accepted by vendors like IBM and Oracle, which is visible in their patch advisories. Currently, Łukasz is an IT Security Trainer and Researcher at eLearnSecurity, where he continues to share his passion and knowledge of the field to help others learn and grow in their careers. In his spare time, he is an active penetration tester and still sharpens his skills by participating in bug bounty programs, as well as helping companies and organizations build secure environments.
Dimitrios Bougioukas, Training Director of eLearnSecurity, holds a B.Sc. in Computer Science from the Athens University of Economics and Business. He has worked as a Business Information Security Engineer and Information Security Analyst for a major financial institution, as a Penetration Tester within EY's practice, and as a Senior IT Security Researcher and Trainer within eLearnSecurity. Dimitrios specializes in advanced cyber threat simulation, threat intelligence, and purple team tactics. He has been engaged in numerous penetration testing activities against critical infrastructure, web applications, and mobile applications. In terms of research, Dimitrios has presented at information security conferences such as BSides and has received acknowledgments from security, telecom, and other major companies for finding and reporting vulnerabilities in their web applications, in a responsible manner (IBM Trusteer, LG, etc.). In the context of his professional career, his work led to international and regional information security awards in prestigious and highly competitive contests such as Retail Banker International Awards.
Previous Authors include Giuseppe Trotta
Enroll now and get access to all of our material and labs!
The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen
Manager Consulting Pty Ltd
Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.
eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.
Timothy E. Everson