VAPT Courses


Course Description

Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate websites and web applications. These vulnerabilities leave websites open to exploitation. The Web Application Penetration Testing course from Codec Networks is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor.

Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Globally with the rising number of incidents of web defacement, the scope of Web Application penetration Tester is definitely rising. Today Web Application Penetration Testers are in very high demand in software companies, IT security firms, Government and Private Sectors etc. By the end of the course, you should be able to meet the following objectives:

  • An understanding of advanced web penetration techniques
  • Skills to test and exploit specific target environments such as content management systems and infrastructure applications
  • Understanding of encryption and its usage within web applications
  • Methods to recognize and bypass application, platform, and WAF defences
  • Skills to test and evaluate web services used in an enterprise
  • Understanding how to test backend services for mobile applications.

Target Audience

Prior to enrolling in our authorized WAPT, candidates must have basic knowledge of:

  • JAVA or .NET or PHP
  • Knowledge of Database Programming
  • Knowledge of HTML & Java-script

Those who successfully completed this training have pursue his/her career as a Web Pen tester, Web security analyst/consultant, Web Application security analyst

Course Duration

  • 40 Hours

Course Content

  • Course Content
  • Introduction
  • Introduction to Web-application
  • Basics
  • HTTP Protocol
  • Web servers and clients
  • Server-side and Client-side security controls
  • Mastering Burp suite
  • Injections
  • Reflected XSS, Stored
  • Cross-site Request Forgery
  • Authentication testing
  • Authorization testing
  • Types of web application security testing
  • Reconnaissance
  • SSL & Configuration testing
  • Session Management testing
  • Brute force web applications
  • Parameter Manipulation
  • Other Attacks
  • Samurai WTF
  • Firefox security Add-ons
  • Automated Scanners
  • VAPT Methodologies
  • Reporting