
        Mobile and Web Application Penetration Testing Training Boot Camp

        Learn how to conduct penetration tests on mobile and web applications! This boot camp goes in-depth into the tools and techniques used to exploit and defend web and mobile apps with a combination of hands-on labs and expert instruction.

        ★★★★☆
        4.2
        (487 ratings)

        Earn your CMWAPT, guaranteed!

        • 5 days of expert, live pentesting training
        • Exam Pass Guarantee
        • Exam voucher
        • Unlimited practice exam attempts
        • 100% Satisfaction Guarantee
        • Free annual Infosec Skills subscription ($599 value!)
        • 1-year access to all boot camp video replays and materials
        • Onsite proctoring of exam
        • Pre-study learning path
        • Knowledge Transfer Guarantee

        Hands-on labs

        Get hands-on penetration testing experience in our cloud-hosted lab environment. Typical labs consist of an app demonstrating a vulnerability commonly found in a Web or mobile app. You’ll learn how to assess the app like a black hat hacker and exploit the app to demonstrate the true risk of the vulnerability to the app owner. This can involve taking control of the app itself, downloading data the app stores or using the app as a launching pad to attack unsuspecting visitors with a malicious script. You’ll also learn remediation steps so that the app owner can properly close the security hole.

         


        Training overview

        Infosec’s Mobile and Web Application Penetration Testing Boot Camp is a practical, hands-on training focused on teaching you the skills, tools and techniques required for conducting comprehensive security tests of mobile devices and web applications.

        You’ll learn the secrets of mobile and web app penetration testing in an immersive environment, including exploiting and defending web and mobile apps, performing static and dynamic analysis of iOS and Android apps using popular tools, finding vulnerabilities in source code, exploiting weaknesses in the implementation of mobile security controls and more. The boot camp also prepares you to earn the Certified Mobile and Web Application Penetration Tester (CMWAPT) certification.

        What you’ll learn

        • Web application pentesting
        • iOS exploitation
        • Android exploitation

        Who should attend

        • Penetration testers
        • Application developers
        • Web administrators
        • Security analysts

        Prerequisites

        Familiarity with penetration testing concepts and at least one year in an information security role, or equivalent experience, is recommended.


        Exam Pass Guarantee

        We guarantee you’ll pass your exam on the first attempt. Learn more.

        Mobile and Web Application Penetration Testing training schedule

        Infosec’s pentesting training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.

        • Before your boot camp
          • Start learning now. You’ll get immediate access to all the content in Infosec Skills so you can prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp
          • Part 1 – Web application pentesting
            Module 1

            • Web application (in)security
            • Setting up a web application pentesting platform
            • Installing vulnerable apps
            • Burp Suite basics
            • Analyzing traffic over HTTP
            • Analyzing traffic over HTTPS

            Module 2

            • Understanding the HTTP protocol
            • HTTP headers
            • Attacking HTTP basic & digest authentication
            • Conducting a brute-force attack

            Module 3

            • Analyzing the attack surface
            • Information gathering
            • Finding hidden URLs with dirbuster
            • Identifying weak SSL certificates

            Module 4

            • Cross-site scripting (XSS) — reflected, stored and DOM based
            • HTML injection
            • Broken authentication and session management
            • Insecure direct object references
            • Cross-site request forgery (CSRF)
            • Insufficient transport layer protection
            • Unvalidated redirects and forwards
            • Cross origin resource sharing
            • Command injection vulnerabilities
            • Local file inclusion vulnerability
            • Remote file inclusion vulnerability
            • Insecure direct object reference
            • HTTP response splitting
            • SQL injection
            • Attacking session management
            • HTTP response header injection
            • Improper exception handling
            • Server side code disclosure
            • Chaining XSS with other attacks
            • Targeting reset password functionality
            • Business logic flaws

            Module 5

            • Securing Web apps
            • Applying input validation
            • IP whitelisting
            • Implementing access controls
            • Removing HTTP headers
            • Preventing CSRF with tokens
            • Setting login limits
            • Removing server configuration errors
            • Identifying and fixing business logic issues

            Part 2 – iOS exploitation
            Module 1

            • iOS security model
            • App signing, sandboxing and provisioning
            • Setting up Xcode 9
            • Changes in iOS 11
            • Primer to iOS 10 security
            • Exploring the iOS filesystem
            • Intro to Objective-C and Swift
            • What’s new in Swift 4?
            • Setting up the pentesting environment
            • Jailbreaking your device
            • Cydia, Mobile Substrate
            • Getting started with Damn Vulnerable iOS app
            • Binary analysis
            • Finding shared libraries
            • Checking for PIE, ARC
            • Decrypting IPA files
            • Self signing IPA file

            Module 2

            • Static Analysis of iOS applications
            • Dumping class information
            • Insecure local data storage
            • Dumping Keychain
            • Finding URL schemes
            • Dynamic Analysis of iOS applications
            • Cycript basics
            • Advanced Runtime Manipulation using Cycript
            • Method Swizzling
            • GDB basic usage
            • Modifying ARM registers

            Module 3

            • Exploiting iOS applications
            • Broken cryptography
            • Side channel data leakage
            • Sensitive information disclosure
            • Exploiting URL schemes
            • Client side injection
            • Bypassing jailbreak, piracy checks
            • Inspecting Network traffic
            • Traffic interception over HTTP, HTTPS
            • Manipulating network traffic
            • Bypassing SSL pinning

            Module 4

            • Introduction to Hopper
            • Disassembling methods
            • Modifying assembly instructions
            • Patching app binary
            • Logify

            Module 5

            • Securing iOS applications
            • Where to look for vulnerabilities in code?
            • Code obfuscation techniques
            • Piracy/jailbreak checks
            • iMAS, Encrypted Core Data

            Part 3 – Android exploitation
            Module 1

            • Why Android
            • Intro to Android
            • Android security architecture
            • Android application structure
            • Signing Android applications
            • ADB — non root
            • Rooting Android devices
            • ADB — Rooted
            • Understanding Android file system
            • Permission model flaws

            Module 2

            • Understanding Android components
            • Introducing Android Emulator
            • Introducing Android AVD

            Module 3

            • Proxying Android traffic
            • Reverse engineering for Android apps
            • Smali labs for Android
            • Dex analysis and obfuscation
            • Android app hooking

            Module 4

            • Attack surfaces for Android applications
            • Exploiting local storage
            • Exploiting weak cryptography
            • Exploiting side channel data leakage
            • Root detection and bypass
            • Exploiting weak authorization mechanism
            • Identifying and exploiting flawed broadcast receivers
            • Identifying and exploiting flawed intents
            • Identifying and exploiting vulnerable activity components
            • Exploiting backup and debuggable apps
            • Dynamic analysis for Android apps
            • Analyzing ProGuard, DexGuard and other obfuscation techniques

            Module 5

            • Exploitation using Drozer
            • Automated source code analysis
            • Exploiting Android embedded applications
        • After your boot camp
          • Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

        Pentesting training resources

        Beginner’s Guide to Pentesting IoT Architecture/Network and Setting Up IoT Pentesting Lab – Part 1

        In this article, we will explain how to pentest an IoT Network/Architecture. Read more.


        Inside a purple team: Pentesting, vulnerabilities and other key skills

        We love red teaming here at Cyber Work, and this week we're excited to explore a topic just a few shades down the spectrum: purple teaming! Luke Willadsen of EmberSec dives into the ways combining red and blue team operations can help stress-test your security department — and explains the benefits of a purple team better than we've ever heard it before. He also has some great stuff to say about the importance of soft skills like writing, reporting and, most crucially, empathy, since it may feel like a pentester holds the security team's career in their hands.

        Luke Willadsen currently serves as a security consultant with EmberSec, a By Light company. He began his cybersecurity career in the U.S. Navy, where he trained to conduct offensive security operations for the Department of Defense. He participated in daily computer network exploitation missions in support of national intelligence requirements and protection against foreign nation-state sponsored hackers. After separating from the U.S. Navy, Luke joined the start-up company IronNet Cybersecurity where he conducted penetration tests and vulnerability assessments, while also providing product development support and threat hunting capabilities. Following his time at IronNet, Luke worked as a director at a security consulting firm, where he specialized in red teaming, penetration testing, intelligence gathering, threat hunting, digital forensics and technical writing. Luke has an M.S. degree from Eastern Michigan University and is CISSP, OSCP and CEH certified.


        Pentesting Mobile Applications with Burpsuite

        Pentesting of mobile applications has become a necessity to provide an adequate level of security to not only customers but to businesses and corporations whose respective sales teams are constantly on the road.



          Frequently asked questions

          • Why is getting certified an important part of a career in penetration testing?
            • Earning a Penetration Testing certification can be a great way to bump your status, job title, and even pay grade! It makes you a marketable employee and you will gain a specialized skillset through the certification process that other professionals lack. Infosec’s pen-testing Boot Camp offers hands-on training about hacking and penetration testing, which will give you the expertise necessary to differentiate yourself and impress potential employers.

          • What career opportunities are available to penetration testing boot camp graduates?
            • While career opportunities are defined by education, certification, years of experience, and location—opportunity and the need for Ethical Hackers and Penetration Testers is rising at a significant rate. As cybersecurity threats continue to increase, the need for educated professionals in the field to identify weaknesses and prevent data breaches will grow alongside it. Click here for more information on career paths for pen-testers and related salary info.

          • How is penetration testing different from ethical hacking?
            • While the terms “Ethical Hacking” and “Penetration Testing” are often used interchangeably, there are a few details that differentiate the two. “Penetration testing” is a procedure to discover vulnerabilities in an information system—mimicking the methods of black hat hackers that would attempt to compromise secure information. “Ethical hacking” is more of an umbrella term that encompasses all hacking methods, including pen-testing. Click here for more information about the differences between these terms.

          • How does the CMWAPT examination process work?
            • The CMWAPT exam can be taken at training partner locations, proctored on-site for groups of at least 10, or taken over the internet. As a training partner, Infosec is verified to administer the exam on the 5th day of our Training session for both Flex Pro and Flex Classroom formats. The certification exam itself is a 50-question, multiple-choice test that must be completed in two hours. Any score above 70% is considered passing.

          • What are the renewal requirements for the CMWAPT?
            • After four years, the CMWAPT certification expires, and a renewal exam must be completed at no expense to the cert holder. Candidates up for recertification will be required to take the current version of the exam issued by the Infosec Institute.

          • What does this penetration testing training course provide that other offerings do not?
            • Infosec’s pass rate for Pen Testing Boot Camp participants sits at 93% – the highest in the industry! In a constantly-changing field, our experts work to keep their training up-to-date so that you can rest assured you’re receiving the highest quality training available—covering all the latest technologies.

          • What are CMWAPT domains?
            • The eight CMWAPT domains are as follows: Mobile and Web Application Pentesting Process and Methodology, Web Application Vulnerabilities, Web Application Attacks, Android Application Components, Android Application Attacks, iOS Application Components, iOS Application Attacks, and Secure Coding Principles.

          • How much programming experience is typically required to take this course?
            • The CMWAPT certification does not require students to have formal work experience related to penetration testing. However, it is a rigorous exam and will test your ability to apply knowledge and skills in practice. We recommend you familiarize yourself with the content of each of the exam’s domains, as well as the associated tools and technology.

          • What are the pre-requirements to enroll in the Mobile and Web App Penetration Testing training?
            • There are no pre-requirements to enroll in this Training Boot Camp; however, we do recommend that students have a good working knowledge of networking, TCP/IP protocols, and the Linux Operating System before signing up.

          • What hardware and software is needed to complete the Mobile and Web App Pentesting boot camp?
            • None! All the necessary hardware and software will be provided during training.

          • How has the penetration testing industry grown in recent years? Has the need for penetration testing skills changed in the last 5 or 10 years?
            • The biggest change in the pen-testing industry has been the rapid increase of mobile and web application usage and development. Accomplished penetration testers today are required to know the ins-and-outs of both the Android and iOS platforms in order to identify vulnerabilities and threats. As technology continues to advance, the tools and techniques penetration testers utilize will continue to evolve as well.

          • Are exam vouchers included with the purchase of this course?
            • Yes, exam vouchers are included with the training, and the exam is proctored on-site during the final day of the course.

          • What job titles are most common for penetration testers and people who hold the Infosec Institute CMWAPT?
            • Common job titles include Penetration Tester, Security Engineer, Information Security Analyst, and many more.

          • What are some tips for passing the CMWAPT and other penetration testing certs?
            • We recommend enrolling in a training course like the one Infosec offers here. With a 93% certification exam pass rate, you can rest assured that we offer the best training in the industry! While studying, we recommend you budget your time accordingly so that you are familiar with each of the exam’s eight domains and can identify which topics are your weakest. Focus on the tools and technology you’ll use in real-world scenarios as a penetration tester.
