WebApp Pentest Bootcamp

Course Overview

This hands-on live training is designed to take you from beginner to confident web application pentester, with no prior hacking experience required. You’ll gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker.

The primary focus is learning by doing, with each module focusing on real-world techniques. By the end of the bootcamp, you’ll be well on your way to taking on the Practical Junior Web Tester (PJWT) certification.

Who Should Attend

  • Aspiring Penetration Testers and Cybersecurity Professionals.
  • Beginner web application penetration testers looking to validate their skills.
  • People who have a keen interest in web applications and how they can be exploited.
  • Individuals looking for extra guidance as they study for the PJPT or PWPA.
  • Anyone looking to advance their knowledge, skills, and methodologies.
  • Intermediate-level web app pentesters who are looking to go beyond the fundamentals to understand how web apps work and what makes them vulnerable.
  • Anyone with some experience in web application development looking to gain some experience with security.
  • Students looking to prepare for the Practical Web Penetration Tester (PWPT) exam.

Course Outline

1 - Introduction, how web apps work, HTTP, intercepting traffic

  • Web app components
  • HTTP, encoding, routed vs non-routed applications

2 - Attacking authentication

  • What is authentication, common authentication mechanisms
  • MFA
  • Logic issues & password resets
  • Enumeration via response timing

3 - Attacking access control

  • What is access control, common access control mechanisms
  • Client-side controls
  • Header-based access controls

4 - SQL injection

  • Introduction to SQL & SQL injection
  • SQLi to bypass authentication
  • Exfiltrating information, enumerating tables and columns
  • Stacked queries & filter bypasses
  • Blind SQLi

5 - Command injection

  • Introduction to command injection
  • Blind command injection
  • OOB command injection

6 - XXE

  • Introduction to XXE

7 - Directory traversal

8 - Insecure file uploads

9 - SSRF

10 - XSS

11 - CSRF

12 - Scanning, filter bypasses, WAF bypasses

13 - Logic flaws

14 - Bringing it all together - building a methodology

15 - Doing a pentest

Class Dates & Times

Class times are listed in Eastern time
‘GTR’ = Guaranteed to Run

This is a 4-day class

Price: $2,499.00

Class dates not listed.
Please contact us for available dates and times.