Next boot camp starts soon. Enroll now.

Mobile and Web Application Penetration Testing Training Boot Camp

Transform your career in 5 days

Our boot camp is designed to provide a comprehensive learning experience in mobile and web application penetration testing. Through in-depth instruction and practical exercises, you gain the necessary skills to assess and identify vulnerabilities in web and mobile applications and bolster their security and strength.

4.20 (487 ratings)

View Pricing
Affirm Financing available
Exam Pass Guarantee

Course essentials

Boot camp at a glance

  • Method

    Online, in-person, team onsite

  • Duration

    5 days

  • Experience

    1-3 years

  • Average salary

    $157,400

Ready to discuss your training goals? We've got you covered.

Complete the form and book a meeting with a member of our team to explore your learning opportunities.

This is where the error message would go.

Step 1

Finish

Thanks! We look forward to meeting with you!

Book a Meeting

What you'll learn

Training overview

Exam Pass Guarantee

This immersive mobile and web application penetration testing training equips you with the knowledge and expertise to perform thorough assessments of applications and effectively mitigate potential security risks. By completing this course, you will:

  • Identify vulnerabilities: Develop the skills to identify and exploit vulnerabilities in mobile and web applications, including common weaknesses such as injection attacks, cross-site scripting (XSS) and security misconfigurations.
  • Get hands-on experience: Learn how to demonstrate common vulnerabilities found in a web or mobile app. Assess and exploit the app, then use remediation steps to help close the security hole.
  • Understand different application frameworks: Learn how to perform static and dynamic analysis of iOS and Android apps using popular tools to find vulnerabilities in source code, exploit weaknesses in implementing mobile security controls and more.
  • Prepare for industry certification: Leave fully prepared to pass the Certified Mobile and Web Application Penetration Tester (CMWAPT) exam.

By the end of the Mobile and Web Application Penetration Testing Boot Camp, you will have the confidence and skills to perform comprehensive security assessments of mobile and web applications, helping organizations identify and mitigate vulnerabilities.

Learn More

Award-winning training you can trust

What's included

Everything you need to know

Certification Logo
  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Onsite proctoring of exam
  • Pre-study learning path
  • Unlimited practice exam attempts
View Pricing

What makes the Infosec Mobile and Web Application Penetration Testing prep course different?

You can rest assured that the Mobile and Web Application Penetration Testing training materials are fully updated and synced with the latest version of the exam. With 20 years of training experience, we stand by our Mobile and Web Application Penetration Testing training with an Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we’ll pay for your second exam at no additional cost to you!

Learn More

Before your boot camp

Prerequisites

Prior to enrolling in the Mobile and Web Application Penetration Testing Training Boot Camp, you must have:

  • Familiarity with penetration testing concepts
  • At least one year in an information security role or equivalent experience. This is recommended to be prepared for the CMWAPT exam.
Enroll Now

Syllabus

Training schedule

Day 1
Morning session

Web application (in)security

  • Setting up a web application pentesting platform
  • Installing vulnerable apps
  • Burp Suite basics
  • Analyzing traffic over HTTP
  • Analyzing traffic over HTTPs

Understanding HTTP protocol

  • HTTP headers
  • Attacking HTTP basic & digest authentication
  • Conducting a brute-force attack
Afternoon session

Web app pentesting tools

  • Analyzing the attack surface
  • Information gathering
  • Finding hidden URLS with dirbuster

Finding weaknesses in web apps

  • Identifying weak SSL certificates
Evening session

Optional group & individual study

Day 2
Morning session

Exploiting web app vulnerabilities

  • Cross-site scripting (XSS) — reflected, stored and DOM based
  • HTML injection
  • Broken authentication and session management
  • Insecure direct object references cross-site request forgery (CSRF)
  • Insufficient transport layer protection
  • Unvalidated redirects and forwards
  • Cross origin resource sharing
  • Command injection vulnerabilities
  • Local file inclusion vulnerability
  • Remote file inclusion vulnerability
Afternoon session

Exploiting web app vulnerabilities continued

  • Insecure direct object reference
  • HTTP response splitting
  • SQL injection
  • Attaching session management
  • HTTP response header injection
  • Improper exception handling
  • Server side code disclosure
  • Chaining XSS with other attacks
  • Targeting reset password functionality
  • Business logic flaws

Securing web apps

  • Applying input validation
  • IP whitelisting
  • Implementing access controls
  • Removing HTTP headers
  • Preventing CSRF with tokens
  • Setting login limits
  • Removing server configuration errors
  • Identifying and fixing business logic issues
Evening session

Optional group & individual study

Day 3
Morning session

Getting started with iOS pentesting

  • iOS security model
  • App signing, sandboxing and provisioning
  • Setting up XCode 9
  • Changes in iOS 11
  • Primer to iOS 10 security
  • Exploring the iOS filesystem
  • Intro to Objective-C and Swift
  • What's new in Swift 4?
  • Setting up the pentesting environment
  • Jailbreaking your device
  • Cydia, Mobile Substrate
  • Getting started with Damn Vulnerable iOS app
  • Binary analysis
  • Finding shared libraries
  • Checking for PIE, ARC
  • Decrypting IPA files
  • Self signing IPA files

Static and dynamic analysis of iOS apps

  • Static Analysis of iOS application
  • Dumping class information
  • Insecure local data storage
  • Dumping Keychain
  • Finding URL schemes
  • Dynamic Analysis of iOS applications
  • Cycript basics
  • Advanced Runtime Manipulation using Cycript
  • Method Swizzling
  • GDB basic usage
  • Modifying ARM registers
Afternoon session

Exploiting iOS applications

  • Broken cryptography
  • Side channel data leakage
  • Sensitive information disclosure
  • Exploiting URL schemes
  • Client side injection
  • Bypassing jailbreak, piracy checks
  • Inspecting Network traffic
  • Traffic interception over HTTP, HTTPs
  • Manipulating network traffic
  • Bypassing SSL pinning
Evening session

Optional group & individual study

Day 4
Morning session

Reversing iOS apps

  • Introduction to Hopper
  • Disassembling methods
  • Modifying assembly instructions
  • Patching app binary
  • Logify

Securing iOS apps

  • Where to look for vulnerabilities in code?
  • Code obfuscation techniques
  • Piracy/jailbreak checks
  • iMAS, Encrypted Core Data
Afternoon session

Understanding Android architecture

  • Why Android
  • Intro to Android
  • Android application structure
  • Signing Android applications
  • ADB — non root
  • Rooting Android devices
  • ADB — rooted
  • Understanding Android file system
  • Permission model flaws
  • Understanding Android componenets
  • Introducing Android Emulator
  • Introducing Android AVD

Reversing Android apps

  • Proxying Android traffic
  • Reverse engineering for Android apps
  • Smali labs for Android
  • Dex analysis and obfuscation
  • Android app hooking
Evening session

Optional group & individual study

Day 5
Morning session

Exploiting Android apps

  • Attack surfaces for Android applications
  • Exploiting local storage
  • Exploiting weak cryptography
  • Exploiting side channel data leakage
  • Root detection and bypass
  • Exploiting weak authorization mechanism
  • Identifying and exploiting flawed broadcast receivers
  • Identifying and exploiting vulnerable activity components
  • Exploiting backup and debuggable apps
  • Dynamic analysis for Android apps
  • Analyzing ProGuard, DexGuard and other obfuscation techniques
  • Exploitation using Dozer
  • Automated source code analysis
  • Exploiting Android embedded applications
Afternoon session

Take CMWAPT exam

Download Full Syllabus

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

View Pricing

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Request Team Pricing

FAQ

Frequently asked questions

What is web and mobile application penetration testing?
Web and mobile application penetration testing is a security assessment technique to identify vulnerabilities and security weaknesses. It involves simulating real-world attacks on mobile and web applications to assess their security posture and uncover potential vulnerabilities that could be exploited by attackers.
How is penetration testing different from ethical hacking?
While the terms “ethical hacking” and “penetration testing” are often used interchangeably, there are a few details that differentiate the two. Penetration testing is a procedure to discover vulnerabilities in an information system — mimicking the methods of hackers attempting to compromise secure information. Ethical hacking is more of an umbrella term that encompasses all hacking methods, including pentesting. Read our article, Ethical hacking vs. penetration testing, for more information about the differences between these terms.
What hardware and software is needed to complete the Mobile and Web App Pentesting Boot Camp?
None! All the necessary software and free tools will be provided during training.
How has the penetration testing industry grown in recent years? Has the need for penetration testing skills changed in the last five or 10 years?
The biggest change in the pentesting industry has been the rapid increase in mobile and web application use and development. Accomplished penetration testers today are required to know the ins and outs of both the Android and iOS platforms to identify vulnerabilities and threats. As technology continues to advance, the tools and techniques penetration testers utilize will continue to evolve as well.

You're in good company

J

I highly recommend this web application penetration testing course. The practical exercises and hands-on labs provided valuable insights into real-world scenarios. The instructors were knowledgeable and supportive throughout the training.

Jennifer, IT Security Professional

D

The course materials were comprehensive, and the labs allowed me to practice various penetration testing techniques on web applications. The instructors shared their expertise and provided practical tips for securing web applications effectively.

David, Software Developer

S

This course provided a solid foundation in web application penetration testing. The hands-on labs were challenging, and the instructors were excellent in explaining complex concepts. I feel confident in my ability to assess and secure web applications after completing this training.

Sarah, Cybersecurity Analyst

Enroll in a boot camp

November 06, 2023 - November 10, 2023

Online only

Book Now

March 25, 2024 - March 29, 2024

Online only

Book Now

Explore our top boot camps

More learning opportunities

Most popular

CompTIA Security+ Training Boot Camp Boot camp

CompTIA Security+ Training Boot Camp

This five-day boot camp equips you with the knowledge and hands-on exercises needed to get CompTIA Security+ certified. Infosec’s Security+ Training Boot Camps are led by cybersecurity experts that will teach you everything you need to know to pass the Security+ exam — guaranteed. Infosec is an authorized training partner of CompTIA, and our training has won numerous awards, including the CompTIA Outstanding Partner Award.
Learn More

#1 FOR BEGINNERS

Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification Boot camp

Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification

This Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification is designed to enhance network engineers’ and administrators’ skills with comprehensive knowledge of Cisco router and switch configuration. By enrolling in our boot camp, you gain hands-on experience, practical skills and the preparation needed to earn two valuable Cisco certifications.
Learn More

Most requested

(ISC)² CISSP® Training Boot Camp Boot camp

(ISC)² CISSP® Training Boot Camp

Our CISSP Boot Camp is designed to tackle the ever-evolving challenges of information security, and our intensive program provides you with the skills needed to excel. We cover the broad range of knowledge required for the CISSP certification and fully prepare you to pass the CISSP exam.

Learn More