Web Application Penetration Testing eXtreme

Extremely Hands-on

Practice Web App Pentesting against a number of real world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab

Become Certified

Obtain the eWPTX certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing

Course at a glance

  • The most advanced course on Web App Pentesting
  • Based on techniques professional pentesters use
  • Master Advanced Web Application Security tools
  • In-depth Web Application Vulnerabilities analysis
  • XSS, SQL Injection, HTML5 and much more
  • In-depth obfuscation and encoding techniques
  • Bypassing filters and WAF techniques
  • HTML5 attack vectors and exploits
  • From the creators of Coliseum and Hack.me
  • Gives you access to dedicated forums
  • Makes you an advanced Web Application Pentester
  • Qualifies you for 40 CPE after obtaining the eWPTX certification

Course material

  • 4 hours of video training material
  • Over 1100 slides
  • 50 labs in Hera Lab

Course delivery

  • Self-paced
  • Off-line access available
  • Access from PC, Tablet and Smartphone


  • Module 1 : Encoding and Filtering

    Understanding what kind of data encoding is being used and how it works is fundamental to ensuring that tests are performed as intended, which is why this module starts with the basic concepts of Data Encoding. The next section covers Filtering Basics, from a brief introduction to working with Regular Expressions, through how to detect, fingerprint and evade Web Application Firewalls, to an analysis of the most common client-side defensive mechanisms.

  • Module 2 : Evasion Basics

    To complete the course introduction, it is important to study the main Evasion Techniques, starting from Base64 and lesser-known URI obfuscation techniques and concluding with JavaScript and PHP Obfuscation techniques.

  • Module 3 : Cross-Site Scripting

    This module is entirely dedicated to Cross-site Scripting attacks. It starts with a brief recap of the classification and then introduces Advanced Attack Techniques and exotic XSS vectors.

  • Module 4 : XSS - Filter evasion and WAF bypassing

    This module illustrates advanced Filter Evasion and WAF bypassing techniques such as blacklisting, sanitization, browser filters and much more.

  • Module 5 : Cross-Site Request Forgery

    This module is entirely dedicated to Cross-Site Request Forgery attacks. It starts with a brief recap of this vulnerability, then introduces the main Attack Techniques and Vectors, moves on to how to Exploit Weak Anti-CSRF Measures, and concludes with Advanced Exploitation techniques.

  • Module 6 : HTML5

    This module is entirely dedicated to HTML5 and related attacks. It starts with a recap of the technology, analyzing the main features on which to focus the attack phase. It then moves to the main Exploitation techniques and attack scenarios. After analyzing the security concerns introduced with the new HTML5 features, a contrasting section is dedicated to the security enhancements, presenting the main mechanisms introduced to improve security controls.

  • Module 7 : SQL Injection

    This module is entirely dedicated to SQL Injection attacks. It starts with a brief recap of the main classification of exploitation techniques and then introduces Advanced Attack Techniques.

  • Module 8 : SQLi - Filter Evasion and WAF Bypassing

    In this module the student will learn advanced Filter Evasion and WAF bypassing techniques.

  • Module 9 : XML Attacks

    This module is entirely dedicated to XML attacks. It starts with a recap of this technology and then jumps directly into the main related vulnerabilities, such as XML Tag Injection, XXE, XEE and XPath Injection. Basic and advanced exploitation techniques are analyzed for each of them.


  • Understanding of HTML, HTTP and JavaScript.
  • Reading and understanding PHP code will help, although it is not mandatory.
  • Basic development skills required.

This training course is for...

  • Penetration testers
  • Web developers
  • IT admins and staff


The WAPTX course is a practice-based curriculum that comes integrated with Hera Lab.

Lab ID   Description                                              Category
Lab 1    XSS - 11 challenging labs                                Educational
Lab 2    XSRF - 5 challenging labs                                Educational
Lab 3    SQL Injection - 10 challenging labs                      Educational
Lab 4    Second-order SQLi - 7 challenging labs                   Educational
Lab 5    SQLi Playground - 4 test environments to play with       Educational
Lab 6    XML Injection - 3 challenging labs                       Educational
Lab 7    XML External Entities - 7 challenging labs               Educational
Lab 8    XML Entity Expansion - 4 challenging labs                Educational


Get eWPTX Certification

eLearnSecurity's eWPTX certification is the most practical AND professionally oriented certification you can obtain in web application penetration testing


  • Giuseppe Trotta

    Giuseppe is a web application security researcher with over 7 years of experience, author of WAPT and WAPTX courses.


The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc
