Mobile and Web Application Penetration Testing Training Boot Camp
Transform your career in 5 days
Boot camp at a glance
Online, in-person, team onsite
1-3 years of experience
What you'll learn
This immersive mobile and web application penetration testing training equips you with the knowledge and expertise to perform thorough assessments of applications and effectively mitigate potential security risks. By completing this course, you will:
- Identify vulnerabilities: Develop the skills to identify and exploit vulnerabilities in mobile and web applications, including common weaknesses such as injection attacks, cross-site scripting (XSS) and security misconfigurations.
- Get hands-on experience: Learn how to demonstrate common vulnerabilities found in a web or mobile app. Assess and exploit the app, then use remediation steps to help close the security hole.
- Understand different application frameworks: Learn how to perform static and dynamic analysis of iOS and Android apps using popular tools to find vulnerabilities in source code, exploit weaknesses in implementing mobile security controls and more.
- Prepare for industry certification: Leave fully prepared to pass the Certified Mobile and Web Application Penetration Tester (CMWAPT) exam.
By the end of the Mobile and Web Application Penetration Testing Boot Camp, you will have the confidence and skills to perform comprehensive security assessments of mobile and web applications, helping organizations identify and mitigate vulnerabilities.
Who should attend
This boot camp is designed for penetration testers, security analysts and other security professionals and individuals interested in securing applications. Here's what each role can gain from attending:
- Web application penetration testers
- Application security analysts
- Ethical hackers
- Software developers
- Security consultants
- IT professionals involved in mobile and web application development and security
Join us and take your mobile and web application security expertise to the next level.
Award-winning training you can trust
Ready to discuss your training goals? We've got you covered.
Complete the form and book a meeting with a member of our team to explore your learning opportunities.
Everything you need to know
- 90-day extended access to Boot Camp components, including class recordings
- 100% Satisfaction Guarantee
- Exam Pass Guarantee
- Exam voucher
- Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
- Knowledge Transfer Guarantee
- Onsite proctoring of exam
- Pre-study learning path
- Unlimited practice exam attempts
What makes the Infosec Mobile and Web Application Penetration Testing prep course different?
You can rest assured that the Mobile and Web Application Penetration Testing training materials are fully updated and synced with the latest version of the exam. With 20 years of training experience, we stand by our Mobile and Web Application Penetration Testing training with an Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we’ll pay for your second exam at no additional cost to you!
Before your boot camp
Web application (in)security
- Setting up a web application pentesting platform
- Installing vulnerable apps
- Burp Suite basics
- Analyzing traffic over HTTP
- Analyzing traffic over HTTPS
Understanding HTTP protocol
- HTTP headers
- Attacking HTTP basic & digest authentication
- Conducting a brute-force attack
Web app pentesting tools
- Analyzing the attack surface
- Information gathering
- Finding hidden URLs with DirBuster
Finding weaknesses in web apps
- Identifying weak SSL certificates
Optional group & individual study
Exploiting web app vulnerabilities
- Cross-site scripting (XSS) — reflected, stored and DOM based
- HTML injection
- Broken authentication and session management
- Insecure direct object references
- Cross-site request forgery (CSRF)
- Insufficient transport layer protection
- Unvalidated redirects and forwards
- Cross origin resource sharing
- Command injection vulnerabilities
- Local file inclusion vulnerability
- Remote file inclusion vulnerability
Exploiting web app vulnerabilities continued
- Insecure direct object reference
- HTTP response splitting
- SQL injection
- Attacking session management
- HTTP response header injection
- Improper exception handling
- Server side code disclosure
- Chaining XSS with other attacks
- Targeting reset password functionality
- Business logic flaws
Securing web apps
- Applying input validation
- IP whitelisting
- Implementing access controls
- Removing HTTP headers
- Preventing CSRF with tokens
- Setting login limits
- Removing server configuration errors
- Identifying and fixing business logic issues
Optional group & individual study
Getting started with iOS pentesting
- iOS security model
- App signing, sandboxing and provisioning
- Setting up Xcode 9
- Changes in iOS 11
- Primer to iOS 10 security
- Exploring the iOS filesystem
- Intro to Objective-C and Swift
- What's new in Swift 4?
- Setting up the pentesting environment
- Jailbreaking your device
- Cydia, Mobile Substrate
- Getting started with Damn Vulnerable iOS app
- Binary analysis
- Finding shared libraries
- Checking for PIE, ARC
- Decrypting IPA files
- Self signing IPA files
Static and dynamic analysis of iOS apps
- Static analysis of iOS applications
- Dumping class information
- Insecure local data storage
- Dumping Keychain
- Finding URL schemes
- Dynamic analysis of iOS applications
- Cycript basics
- Advanced runtime manipulation using Cycript
- Method swizzling
- GDB basic usage
- Modifying ARM registers
Exploiting iOS applications
- Broken cryptography
- Side channel data leakage
- Sensitive information disclosure
- Exploiting URL schemes
- Client side injection
- Bypassing jailbreak, piracy checks
- Inspecting network traffic
- Traffic interception over HTTP, HTTPS
- Manipulating network traffic
- Bypassing SSL pinning
Optional group & individual study
Reversing iOS apps
- Introduction to Hopper
- Disassembling methods
- Modifying assembly instructions
- Patching app binary
Securing iOS apps
- Where to look for vulnerabilities in code?
- Code obfuscation techniques
- Piracy/jailbreak checks
- iMAS, Encrypted Core Data
Understanding Android architecture
- Why Android
- Intro to Android
- Android application structure
- Signing Android applications
- ADB — non root
- Rooting Android devices
- ADB — rooted
- Understanding Android file system
- Permission model flaws
- Understanding Android components
- Introducing Android Emulator
- Introducing Android AVD
Reversing Android apps
- Proxying Android traffic
- Reverse engineering for Android apps
- Smali labs for Android
- Dex analysis and obfuscation
- Android app hooking
Optional group & individual study
Exploiting Android apps
- Attack surfaces for Android applications
- Exploiting local storage
- Exploiting weak cryptography
- Exploiting side channel data leakage
- Root detection and bypass
- Exploiting weak authorization mechanism
- Identifying and exploiting flawed broadcast receivers
- Identifying and exploiting vulnerable activity components
- Exploiting backup and debuggable apps
- Dynamic analysis for Android apps
- Analyzing ProGuard, DexGuard and other obfuscation techniques
- Exploitation using Drozer
- Automated source code analysis
- Exploiting Android embedded applications
Take CMWAPT exam
After you finish the application testing training
To stay ahead in the rapidly evolving field of mobile and web application security, continuous learning and professional development are essential. Consider the following options to further enhance your skills and knowledge:
- Explore advanced courses in web application security to deepen your expertise in specific areas such as API security, secure coding or mobile application security.
- Earn additional industry certifications related to penetration testing, such as the CompTIA PenTest+, Certified Cloud Penetration Tester (CCPT) or Certified Red Team Operations Professional (CRTOP).
- Engage in hands-on projects and participate in bug bounty programs to gain practical experience in identifying and reporting vulnerabilities in web applications.
- Stay updated with the latest trends and advancements in mobile and web application security by attending conferences, joining online communities and following industry-leading blogs and publications.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.
What are some tips I should know when preparing for the CMWAPT exam?
To prepare for this exam, you should study the exam’s content, format and question style. The exam covers three main topics:
Web application pentesting
Practice exams will help you get familiar with the exam layout and type of questions asked. To be extra prepared, read up on 8 tips for IT certification success to set you up for success with certification exams like the CMWAPT.
What are the career opportunities like for Web and Mobile Application Penetration certified professionals?
With your expertise in web and mobile application penetration testing, you have diverse career opportunities in the cybersecurity industry. Common job titles and roles held by professionals in this field include:
- Mobile penetration tester
- Application developer
- Ethical hacker
- Security consultant
- Incident responder
The demand for skilled professionals in web application security is growing, with organizations across industries recognizing the importance of securing their web-based systems and applications.
What job titles are most common for people with this Mobile and Web Application Penetration Testing certification?
Some common positions that this certification can help you land include:
Web application penetration tester
Application security analyst
Mobile and Web Application Penetration certification salary expectations
A career in mobile and web application penetration testing can be financially rewarding. While salaries vary greatly depending on experience, location and industry, professionals with application security training earn an average of $157,000 annually. For more detailed information on salary trends and earning potential, read our article on web application penetration testing salary information.
Our boot camp guarantees
Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Frequently asked questions
What is web and mobile application penetration testing?
How is penetration testing different from ethical hacking?
What hardware and software is needed to complete the Mobile and Web App Pentesting Boot Camp?
How has the penetration testing industry grown in recent years? Has the need for penetration testing skills changed in the last five or 10 years?
You're in good company
Jennifer, IT Security Professional
I highly recommend this web application penetration testing course. The practical exercises and hands-on labs provided valuable insights into real-world scenarios. The instructors were knowledgeable and supportive throughout the training.
David, Software Developer
The course materials were comprehensive, and the labs allowed me to practice various penetration testing techniques on web applications. The instructors shared their expertise and provided practical tips for securing web applications effectively.
Sarah, Cybersecurity Analyst
This course provided a solid foundation in web application penetration testing. The hands-on labs were challenging, and the instructors were excellent in explaining complex concepts. I feel confident in my ability to assess and secure web applications after completing this training.