Web Application Penetration Testing

Intense School's award-winning 5-Day Web Application Penetration Testing Boot Camp focuses on preparing students for the real world of Web App Pen Testing through extensive lab exercises and thought-provoking lectures led by an expert instructor. We review the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach.

Intense School offers this award-winning Web Application Penetration Testing program to train and prepare IT Security Professionals.

Information about this course:

This course is offered as:

  • Classroom Instructor-led Boot Camp
  • Live Online Instructor-led Boot Camp
  • Mentored Self-Paced Online
  • Streaming-Only Self-Paced Online


Course Highlights
  • Learn the Secrets of Web App Pen Testing in a totally hands-on classroom environment
  • Learn how to exploit and defend real-world web apps – not just silly sample code
  • Complete the 83 Step "Web App Pen Test Methodology", and bring a copy back to work with you
  • Understand how to find Vulnerabilities in Source Code
  • Take home a fully featured Web App Pen Test Toolkit
  • Learn how to perform OWASP Top 10 Assessments – for PCI DSS compliance
  • Leave Certified - IACRB CWAPT (Web Application Penetration Tester) Exam delivered On-Site

Intensive Hands-On Training:

The Web Application Penetration Testing course from Intense School is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought-provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Typical lab exercises consist of a real-world app that demonstrates a vulnerability commonly found in a web app. You learn how to assess the application much as a black hat hacker would, and then exploit the app so that you can demonstrate the true risk of the vulnerability to the application owner. This can involve taking control of the application itself, downloading data the application stores, or potentially using the app as a launching pad to attack unsuspecting visitors with a malicious script. Finally, the lab will follow up with remediation steps so that the application owner can properly close down the security hole for good.

Nightly Capture The Flag (CTF) Exercises:

After learning important Web App Pen Testing concepts during the day in a structured learning environment led by an expert instructor, it is important in the knowledge transfer process to attempt to apply the concepts you learned during the day in an unscripted, controlled exercise. The InfoSec Institute CTF exercises consist of a variety of web applications set up and designed to mimic the web presence of a company, a bank, a credit union, and an internal web app. You are then challenged by the instructor to capture specific flags that require you to apply your knowledge gained during the day. The CTFs are instructor-supervised, so if you get stuck, there is always a resource at hand to offer guidance.

We feel CTFs are a tremendous way to ensure you leave the course with the skills needed to perform Web App Pen Tests at work after the course is completed.

Up To Date, Current, Courseware:

The threat landscape for Web Applications changes on a near-continuous basis. Bad guys wishing to attack your applications know that they need to stay ahead of the curve in order to get in. For this reason, we continuously update our Web App Pen Testing courseware to cover the latest and greatest threats, exploits and mitigation strategies.

Expert Instruction:

Intense School instructors who teach the Web App Pen Testing course are highly seasoned and have years of in-the-field pen testing experience. Not only are they active in the field of pen testing, they are industry-recognized experts who present at conferences such as DEFCON, Black Hat Briefings and RSA Security.

Many of our instructors have authored some of the top Penetration Testing books on the market today:


Sample of Topics Covered:

An assortment of topics you will learn to master during the Application Security Training:

  • Web Application (In)security
  • Core Defense Mechanisms – OWASP Top 10
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards
  • Encoding Schemes, URL Encoding, Unicode Encoding
  • Bypassing Client-Side Controls
  • Transmitting Data via the Client
  • Hacking ASP.NET ViewState
  • Decompiling Java Bytecode
  • Coping with Bytecode Obfuscation
  • Reverse Engineering ActiveX
  • Manipulating Exported Functions
  • Attacking Authentication
  • Exploiting Verbose Failure Messages
  • Exploiting Vulnerable Transmission of Credentials
  • Attacking Password Change Functionality & Forgotten Password Functionality
  • Predictable Usernames & Initial Passwords
  • Prevent Misuse of the Account Recovery Function
  • Attacking Session Management
  • Attacking Access Controls
  • Common Vulnerabilities
  • Targeting Identifier-Based Functions
  • Securing Access Controls
  • Injecting into Interpreted Languages
  • Exploiting ODBC Error Messages (MS-SQL Only)
  • Enumerating Table and Column Names
  • Extracting Arbitrary Data
  • Parameterized Queries
  • Finding Dynamic Execution Vulnerabilities
  • File Inclusion Vulnerabilities
  • Preventing SOAP Injection
  • SMTP Command Injection
  • Injecting into LDAP
  • Storing XSS in Uploaded Files
  • Real-World XSS Attacks
  • Chaining XSS and Other Attacks
  • HTTP Response Splitting
  • Exploiting XSRF Flaws
  • Exploiting Information Disclosure Vulnerabilities
  • Exploiting Error Messages
  • Buffer Overflow Vulnerabilities
  • Heap Overflows
  • “Off-by-One” Vulnerabilities
  • Attacking & Assessing Application Architectures
  • Attacking Tiered Architectures
  • Exploiting Trust Relationships between Tiers
  • Subverting Other Tiers
  • Attacking Other Tiers
  • Source Code Auditing

What's Included:
  • 5 Days of Web Application Penetration Testing training from a senior instructor with real-world application assessment and remediation experience.
  • Guaranteed small class size (less than 10-16 Students): you get an intimate learning setting not offered at any of our competitors.
  • InfoSec's Custom Application Security Enterprise Suite, which includes every program covered in the course for at-home study.
  • Breakfast, lunch, snacks and refreshments included.
  • IACRB - Certified Web Application Penetration Tester exam fees.
  • Lecture, Lab Exercise and Textbook

Select the type of training that best fits your schedule and learning style!

Live, Online, Self-Paced, Classroom - contact us for details on each.


Streaming Only

Base Course. Best for refresher courses

  • Easy Online Access
  • Expert Cisco Instructor
  • Exam Review
  • Highest Quality Content - 90% Pass
  • Self-Paced Training

Mentored Online

Most popular self-paced option.

  • Online & Offline Playback (DVD, mobile)
  • Expert Cisco Instructor
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Mentored Training
  • Mentor & Live Instructor Support
  • Textbooks, Pre-Study, and Lab books
  • Complex Sims and Exercise Files


Our top-rated training experience

  • Live Classroom
  • Expert Instructor constantly available
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Our highest pass rate course version
  • Textbooks, Pre-Study, and Lab books
  • Complex Sims and Exercise Files

Live Online

As close to the classroom as you can get from home

  • Live Classroom
  • Expert Instructor constantly available
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Textbooks, Pre-Study, and Lab books
  • Complex Sims and Exercise Files

This course is a technical security course targeted at IT Security Professionals, Security Engineers, Penetration Testers, Software Developers and QA Engineers. You should have some experience with Penetration Testing, IT Security and the Software Development Life Cycle (SDLC).