WAPT Training

Web Application Penetration Testing – WAPT Training

Web application security (WAPT Training) is a branch of Information Security that deals specifically with the security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically, web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP. In the race to develop online services, web applications have been developed and deployed with minimal attention given to security risks, resulting in a surprising number of corporate sites that are vulnerable to hackers. Prominent sites from a number of regulated industries, including financial services, government, healthcare and retail, are probed daily. Some banks have reported being probed as many as 50 times a day. The consequences of a security breach are great: loss of revenue, damage to credibility, legal liability and loss of customer trust.

Web applications are used to perform most major tasks or website functions. They include forms that collect personal, classified and confidential information such as medical history, credit and bank account information, as well as user satisfaction feedback. Gartner has noted that almost 75 percent of attacks are tunneling through web applications. Web application security is a significant privacy and risk compliance concern that remains largely unaddressed.

This course covers the basic concepts and terminology for understanding application security issues. It provides a definition of application-level security and demonstrates how its concerns extend beyond those of traditional infrastructure security. The course explains common application security vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS) and authorization issues. Using this knowledge, developers, QA testers and security personnel will be able to address application-level threats.

Who Should Attend:

Security Professionals, Developers, Project Managers, Quality Assurance Staff, and Programmers who want to design and develop secure applications and identify potential security vulnerabilities early in the development process.


Prerequisites:

Strong programming skills and good knowledge of web technologies (C, HTML, Java/.NET, PHP is an added advantage).

Course Outline:

Introduction to Web Application

  • Introduction to Web Application
  • Types of Web Application
  • Use of Web Application
  • Advantages and Disadvantages of Web Application
  • Design Your First Web Application
  • Common Attacks on Web Application

Introduction to Database

  • Introduction to Database
  • Different Types of Database
  • Use of Database
  • Advantages and Disadvantages of Database
  • Connecting Database with Web Application
  • Common Attacks on Database

Basics of Web Application Programming

OWASP Top 10

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Broken Authentication & Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Implementation of OWASP Top 10 on DVWA and WebGoat

  • Overview of DVWA
  • Installation of DVWA
  • Introduction to WebGoat
  • Configuring WebGoat
  • Installation of WAMP or XAMPP
  • Demonstration of OWASP Top 10 on DVWA & WebGoat

PHP & Java Injection

  • Introduction to PHP Injection
  • Introduction to Java Injection
  • Bypass Authentication Using PHP & Java Injection
  • Injection of Malicious Script Using PHP & Java Injection

CMS Hacking (Joomla, WordPress)

  • CMS Overview
  • Introduction to Joomla & WordPress
  • Installation and Configuration of Joomla & WordPress
  • Control Panel Handling of Joomla & WordPress
  • Your First Site in Joomla & WordPress
  • Hacking CMS Using Vulnerable Plugins

Automatic & Manual Vulnerability Finding

  • Finding Vulnerabilities Using Search Engines
  • Finding Vulnerabilities Using Browser Add-ons & Plugins
  • Tools for Finding Vulnerabilities

Web Scanners & Proxies (Hands-on Practice)

  • ZAP Proxy

Sniffing & DNS/ARP Poisoning

  • Cain & Abel
  • NetworkMiner

Session Hijacking

  • HTTP Session Hijacking
  • HTTPS Session Hijacking
  • Cookie Stealing

URL & Website Virus Scanning

  • URL Filtering & Scanning
  • Website Scanning for Malicious Scripts
  • Safe Surfing & Downloading Tips
  • Browser Security

Designing Website Trackers

  • What Are Website Trackers?
  • Custom Trackers
  • Websites for Online Tracking
  • Implementation of Trackers in Web Pages

Web Server (Apache, IIS) Vulnerability Testing

  • Common Vulnerabilities in Web Servers
  • Tool-Based Testing
  • Manual Testing

