Web Penetration Testing

Description

Duration: 4 days

This instructor-led, hands-on course introduces web application penetration testing from the ground up, requiring no prior experience with hacking or security. Students will build a working understanding of how web applications function, learn to identify and exploit common vulnerabilities, and develop an attacker’s perspective through practical exercises. Each module emphasizes real-world techniques rather than theory alone. The course includes 12 months of access to the on-demand version for continued study, along with two exam vouchers for TCM Security’s Practical Web Pentest Associate (PWPA) and Practical Web Pentest Professional (PWPP) certifications, each valid for 12 months from the course completion date.

Target Audience

  • Aspiring penetration testers and cybersecurity professionals entering the field
  • Beginners in web application penetration testing who want to formally validate their skills
  • Individuals with a strong interest in understanding how web applications can be exploited
  • Those seeking additional support while preparing for the PJPT or PWPA certifications
  • Professionals looking to expand their knowledge, sharpen their skills, and refine their testing methodologies
  • Intermediate web application pentesters who want to move past the basics and develop a deeper understanding of web app vulnerabilities
  • Web application developers with some hands-on experience who want to build foundational security knowledge
  • Students preparing to sit for the Practical Web Penetration Tester (PWPT) exam

Prerequisites

  • No prior technical or security knowledge is required beyond basic computer use

What’s included?

  • Authorized Courseware
  • Intensive Hands-on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing – (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Code Academy makes getting the training you need easy. You can learn in a classroom, in a live online virtual environment, through training videos hosted online, or in private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Code Academy for an engaging and effective learning experience.

Methods

  • Instructor Led (the best training format we offer)
  • Live Online Classroom – Online Instructor Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

Start         Finish
5/25/2026     5/28/2026
6/15/2026     6/18/2026
7/6/2026      7/9/2026
7/27/2026     7/30/2026
8/17/2026     8/20/2026
9/7/2026      9/10/2026
9/28/2026     10/1/2026
10/19/2026    10/22/2026
11/9/2026     11/12/2026
11/30/2026    12/3/2026
12/21/2026    12/24/2026
1/11/2027     1/14/2027
2/1/2027      2/4/2027
2/22/2027     2/25/2027
3/15/2027     3/18/2027
4/5/2027      4/8/2027
4/26/2027     4/29/2027

Learning Objectives

  • Describe the core architecture and behavior of web applications
  • Identify and exploit common server-side vulnerabilities using standard attack techniques
  • Understand client-side attack methods and apply relevant exploitation approaches
  • Use scanning tools and techniques to detect and carry out advanced web application attacks

Course Outline

Module Day 1: Web Application Fundamentals

Introduces the course structure and covers how web applications work, the basics of HTTP, broken authentication, broken access control, and an introduction to SQL injection.

Module Day 2: Server-Side Attack Techniques

Continues with an in-depth look at SQL injection, followed by command injection, XML External Entity (XXE) injection, and directory traversal.

Module Day 3: Server-Side and Client-Side Vulnerabilities

Covers file upload vulnerabilities, Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Module Day 4: Scanning and Advanced Attack Methods

Addresses scanning techniques, filter bypasses, WAF bypasses, logic bugs, building a web application penetration testing methodology, and completing a full web application penetration test.