Web Application Penetration Testing Online

ONL-213

...a unique offering in the security industry. While some security courses may brush over application security, or cover the security of small-scale “demo” applications, InfoSec Institute concentrates on the latest attacks against modern web applications

Pass the exam with the best type of training for you!

Streaming Online

Self-Paced, Value

View Instant Pricing Below

Immediate Streaming Access Only

  • Expert Computer Forensics Instructor
  • Lab Demonstrations and examples
  • Exam Review
  • Highest quality content. 90%+ pass
  • Self-Paced Training
  • Apply payment to ILT course
  • Online, DVD, Offline formats
  • Mentored Training
  • Live Instructor Support
  • Comprehensive Case Files
  • Lab Book, Text Book, Pre-Study Book
  • CWAPT Exam Fees Included
  • Complex Labs and case files
  • Group Activities and Live Case Labs
  • In-Person Learning environment
  • Training at Training Facility
  • Live Online Laptop Shipped To You
  • LAPTOP IS YOURS TO KEEP

Mentored Online

Our Most Popular Online Package

View Instant Pricing Below

Live Instructor Support - Course Materials via Fedex

  • Expert Computer Forensics Instructor
  • Lab Demonstrations and examples
  • Exam Review
  • Highest quality content. 90%+ pass
  • Self-Paced Training
  • Apply payments to Instructor-led course
  • Online, DVD, Offline formats
  • Mentored Training
  • Live Instructor Support
  • Comprehensive Case Files
  • Lab Book, Text Book, Pre-Study Book
  • CWAPT Exam Fees Included
  • Complex Labs and case files
  • Group Activities and Live Case Labs
  • In-Person Learning environment
  • Training at Training Facility
  • Live Online Laptop Shipped To You
  • LAPTOP IS YOURS TO KEEP

Live Online

Experience our full boot camp from home

View Instant Pricing Below

Or see a full list of boot camp dates here

  • Expert Computer Forensics Instructor
  • Lab Demonstrations and examples
  • Exam Review
  • Highest quality content. 90%+ pass
  • Self-Paced Training (optional add-on)
  • Apply payments to ILT course (NA)
  • Online, DVD, other (optional add-on)
  • Mentored Training
  • Live Instructor Support
  • Comprehensive Case Files
  • Lab Book, Text Book, Pre-Study Book
  • CWAPT Exam Fees Included
  • Complex Labs & case files
  • Group Activities and Live Case Labs
  • In-Person Learning environment
  • Training at Training Facility
  • Live Online Laptop Shipped To You
  • YOU KEEP THE HACKING LAPTOP

Course Overview

InfoSec Institute's Award Winning Web Application Penetration Testing Boot Camp focuses on preparing students for the real world of Web App Pen Testing through extensive lab exercises and thought-provoking lectures led by an expert instructor. We review the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach.

InfoSec Institute offers this award winning Web Application Penetration Testing program to train and prepare IT Security Professionals.

The highlights of this course include:

• Learn the Secrets of Web App Pen Testing in a totally hands-on classroom environment
• Learn how to exploit and defend real-world web apps – not just silly sample code
• Complete the 83 Step "Web App Pen Test Methodology", and bring a copy back to work with you
• Understand how to find Vulnerabilities in Source Code
• Take home a fully featured Web App Pen Test Toolkit
• Learn how to perform OWASP Top 10 Assessments – for PCI DSS compliance
• Leave Certified - IACRB CWAPT (Web Application Penetration Tester) Exam delivered On-Site

Intensive Hands-On Training:
The Web Application Penetration Testing course from InfoSec Institute is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps).

Typical lab exercises consist of a real-world app that demonstrates a vulnerability commonly found in a web app. You learn how to assess the app much as a black hat hacker would, and exploit the app so that you can demonstrate the true risk of the vulnerability to the application owner. This can involve taking control of the application itself, downloading data the application stores, or potentially using the app as a launching pad to attack unsuspecting visitors with a malicious script. Finally, the lab will follow up with remediation steps so that the application owner can properly close down the security hole for good.

Up To Date, Current, Courseware
The threat landscape for Web Applications changes on a near continuous basis. Bad guys wishing to attack your applications know that they need to stay ahead of the curve in order to get in. For this reason, InfoSec Institute continuously updates our Web App Pen Testing courseware to cover the latest and greatest threats, exploits and mitigation strategies.

Expert Instruction
InfoSec Institute instructors that teach the Web App Pen Testing course are highly seasoned and have years of in-the-field pen testing experience. Not only are they active in the field of pen testing, they are industry-recognized experts that present at conferences such as DEFCON, Black Hat Briefings, and RSA Security. Many of our instructors have authored some of the top Penetration Testing books on the market today.


 

 

 

This hands-on course teaches you:

1. The fundamentals of modern Application Security on both .Net and Java platforms
2. Application security threats and assessment/attack techniques
3. The latest threats to Web Services and AJAX-enabled applications

 

 

 

  • Top Instructors
  • 30 Hours of Hands On Labs
  • Hundreds of tools loaded onto VMs for you
"I was blown away by the instructor's knowledge and expertise. ... Would recommend to anyone thinking about being a pen tester"

Connie Brown

United States Air Force

Web App Topics and Labs:

InfoSec Institute has only the highest quality instructors, with deep background in Application Security. Our instructors are actively involved in the Application Security community. They have authored several books on the subject, spoken at various industry conferences, and are considered subject matter experts. 

  • Secure Programming Throughout the Application Development Lifecycle
  • Confronting Flawed Input Data
  • Implementation Best Practices
  • Source code analysis scanning software
  • Code Origin Access Control Methods
  • Network Transmission Security with the JSSE API/SSL
  • WS Security, XKMS, and WS-I Basic security profile
  • SecureXML Libraries
  • Privilege Escalation Opportunities
  • Race Conditions
  • Cross Site Scripting Injection
  • .Net Secure Remoting
  • Windows Forms Security
  • SQL Server: Exploitation and Defense
  • Fault Injection and Fuzzing
  • Java security managers, policy files, and JAAS
  • ASP.NET Security
  • XOR, Base64 and Garbage Data Obfuscation
  • Securely Maintaining Session State – Best Practices
  • Session fixation
  • Advanced SQL Injection
  • Oracle PL/SQL Injection
  • .Net Security tokens, XML signature, XML canonicalization, and XML encryption
  • .Net WS-Trust and WS-SecureConversation
  • Error Control Verbosity Abuse

 


See what our students are saying

  • Mario Rodríguez

    U.S. ARMY

    "you have set the standard"

    "You have set the standard for instruction. Innovative and teaches you how to think through a problem with sound logic."


  • "...well worth the money"

    "It was fantastic! I learned more than I could have ever dreamed! Even if I don't pass the exam the knowledge I got was well worth the money I spent!! And I had a good time learning as well!"


  • "nice to have a dedicated training laptop provided"

    "I got a lot out of the real world scenarios presented in class. Jeremy is very knowledgeable in the field of penetration testing. Would definitely take classes again if he is the instructor. The course books are a great reference, and it was nice to have a dedicated training laptop provided by Infosec and not have to bring my own and waste time installing programs during class"


  • Rummy Dabgotra

    MTS Allstream

    "invaluable to my career"

    "Dan is an excellent instructor and incredibly knowledgeable. Great presenter and very helpful. The course was very intense but well structured. The hours were long but it really allows you to get your head wrapped around it. Slide notes were very good as well as the lab pre-info. The labs tied well into the course. The content and knowledge gained will be invaluable to my career."



Pricing

Call (866)-471-0059 or fill out this short form for current pricing

 

  • Gain the in-demand career skills of an Application Security Professional.

    Learn application security fundamentals, hands on application assessment
    techniques and methodologies used by the top application security professionals.

  • Develop a custom process for code assessments across many languages and platforms.
    More than interesting theories and lecture, get your hands dirty in online labs.

 

YOU ALSO GET

  • Access to 50+ online modules totaling 54 hours of training.
  • Multiple VMs (Virtual Machines) pre-loaded with hundreds of tools and scripts so you can do over 31 hands-on lab exercises from home or work.
  • InfoSec's Custom Application Security Enterprise Suite.
  • Certified Web Application Pen Tester exam fees.
  • Lecture, Lab Exercise and Text books
OUR STUDENTS SAY:
InfoSec Institute has an excellent instructor and this is the best IT security class I have ever taken. His knowledge and method of teaching are unsurpassed.