Learning Path
Certified Mobile and Web App Penetration Tester (CMWAPT)
Learn the skills required for conducting security tests of mobile and Web apps.
What you will learn
This learning path builds your penetration testing skills and prepares you to earn your Certified Mobile and Web App Penetration Tester (CMWAPT) certification. As you progress through nine courses tied to the CMWAPT exam domains, you'll build your skills around using pentesting methodologies and tools to conduct tests on Web and mobile apps and assess their security. Upon completion, you'll be prepared to earn your CMWAPT certification and validate your pentesting knowledge.Syllabus
CMWAPT Skill Assessment
Assessment - 50 questions
CMWAPT Practice Exam
Assessment - 50 questions
Custom CMWAPT Practice Exam
Assessment - 50 questions
Introduction to Web Application Pentesting
Course - 00:19:00
People today do more than ever via Web apps: banking, purchasing, work, even controlling home appliances. This means that attackers have more avenues of attack. In this course, you’ll begin on your pentesting career with a focus on Web application penetration testing, looking at methodologies, the OWASP top ten threat list, the hazards of the modern network and more.
Target Identification and Application Mapping
Course - 00:54:00
Never go in without a plan. Get to grips with target identification and application mapping through this course covering passive intelligence gathering, service identification, how servers and apps communicate, core defense mechanisms, Burp Suite and more. What is open-source intelligence? What’s the difference between first- and third-party sources? What’s the first step of attacking a web application? Get the dirt on getting intelligence.
Attacking Web Application Access Controls
Course - 00:28:00
Doors are dangerous: even the best-protected door is still a hole in the perimeter that an attacker can slip through. Access controls are no different. Learn how to slip through those doors with this course on attacking Web application access controls, covering attacking authentication, attacking session management and bypassing client-side controls. Familiarize yourself with password cracking, social engineering, hashing and more.
Injection Attacks
Course - 00:19:00
If you can sneak malicious code into an application, then you have your way in. This course focuses on two such attacks: SQL (Structured Query Language) injection and code injection, aimed at vulnerable input areas in data-driven or Web applications. Take a look at circumventing authentication, error-based and blind SQL injection, inserting and retrieving data and more. Includes vocabulary and example scenarios.
Common Attack Methods
Course - 00:37:00
Pentesters will often find themselves using hackers’ tricks in professional engagements. Take a closer look at just some of those tricks with this course on common attack methods. Beginning with a quick introduction to clickjacking, the course will take you through attacking Web services, cross-site scripting (often called XSS), directory traversal, local and remote file inclusion and more. You’ll also look at a hacker’s toolkit of useful programs and brush up on what you can do to secure Web apps.
Introduction to iOS App Pentesting
Course - 00:34:00
Get ready for the challenges and complexities of iOS app pentesting with this course. Beginning with a quick introduction to the tools and equipment you’ll need, you’ll look at analyzing an iOS app, binary analysis, setting up the device and common iOS app security measures. Become familiar with common jailbreaking tools, the uses and details of Objective-C, application permissions and more.
iOS App Pentesting Tools and Techniques
Course - 00:46:00
Get to know the tools and techniques you’ll need for iOS app pentesting with this course. Beginning with the basics of insecure data storage and the ways it can be exploited, you’ll look at runtime manipulation, URL schemes, analyzing network traffic, broken cryptography and more. You’ll also examine the other side of the coin by going through some guidelines for secure coding that can close those holes in a system’s security. Includes vocabulary and examples.
Introduction to Android App Pentesting
Course - 00:20:00
Prepare for the challenge of Android app pentesting with this introductory course. You’ll cover the tools and equipment you’ll need (including VM and emulator), look at reversing Android applications and begin your work with Drozer. Includes step-by-step instructions, vocabulary and diagrams.
Android App Pentesting Tools and Techniques
Course - 00:30:00
It’s time to get to work on Android app pentesting. Prepare for the pentest operation with this course on Android app pentesting tools and techniques, beginning with exploiting Android components and continuing on to look at insecure data storage, analyzing network traffic, side channel data leakage, broken cryptography and more. Includes an in-depth look at the Frida toolkit and guidelines for secure coding practices.
The details
Learning path insights
How to claim CPEs
Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.
Associated NICE Work Roles
All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.
- Cyber Operator
- Network Operations Specialist
- Cyber Instructor
No software. No set up. Unlimited access.
Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.
Plans & pricing
Infosec Skills Personal
$299 / year
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
$799 per license / year
- Team administration and reporting
- Dedicated client success manager
-
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
-
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments