
Practical Hands-on Training for Web Application Penetration Testing

  • Cyber Prep Academy 4/19 Great South Road Auckland, Auckland, 1051 New Zealand

Web applications are a critical asset to many New Zealand organisations and in many cases serve as the front door and the primary brand identity to their customers.

The exponential rise of web applications is enabling businesses to revolutionise the customer experience in today’s highly competitive environment. Whilst adoption of cloud technologies has changed the operational side of web application development and deployment, it has become important to confirm that applications remain safe no matter where they reside.

Let’s face it, with the rapid growth in web application development, web application security testing is a critical component in the software development lifecycle – but many organisations do not include security testing as part of their application development process.

It’s no surprise then that web and mobile applications are under constant siege for potential compromise and data breaches as hackers’ methods continue to evolve through the use of new, sophisticated attack mechanisms. A recent survey highlighted that, ‘Applications and Identities are the initial targets in 86% of reported breaches’.

Cyber Prep Academy’s Web Application Penetration Testing short course for beginners will provide you with the practical knowledge, skills, methodologies and tools to identify and exploit vulnerabilities in real world web applications deployed in CPA’s lab.

Presented by a seasoned web application penetration tester, this short course delivers practical training for Web Application Penetration Testing. This is very much hands-on training where you will be using a private lab to assess a web application’s security posture and learn how to exploit the most common vulnerabilities.

Level: Beginners

Who is it for?

This course is designed for:

  • Individuals looking to develop their career in web application penetration testing

  • Web application developers

  • Website designers and architects

  • General security practitioners

  • IT admins

Whether you work in an organisation developing web applications, are a general security practitioner responsible for security operations, or are an individual looking to make a career in penetration testing, this Practical Hands-on Training for Web Application Penetration Testing short course is for you.


Participants should have a general understanding of web technologies and a basic working knowledge of the Linux command line.

Course outline:


  • What is web application penetration testing and why is it important

  • What is a vulnerability

  • Web application penetration testing tools and methodologies

  • Information gathering

    • Understanding the deployed web application configuration

    • Conduct search engine discovery / reconnaissance

    • What is fingerprinting and how to use fingerprinting techniques

Authentication Testing

  • What is authentication?

  • Testing for default credentials

  • Test for weak authentication implementations

  • Test remember password functionalities

Application mapping

  • Understanding and mapping application attack surface

Identity management testing

  • Test registration process

  • Account enumeration

Authorisation testing

  • Bypass authorisation schema

  • Privilege escalation

Session management testing

  • Bypass session management

  • Test Cookies

  • Identify and exploit session weaknesses

  • SSRF

Input validation testing

  • XSS

  • SQLi

Error handling testing

  • Test if applications are handling errors without exposing sensitive information

Learning outcomes:

  • Learn the process of how to approach web application penetration testing

  • Understanding of how hackers think and how they can compromise applications

  • What is a vulnerability and why do they exist?

  • What are the vulnerability types, exploitation methods and techniques

  • Understanding of methodologies and how to apply them in web application penetration testing

  • Learn how to use Web application tools

  • Develop proficiency to start security testing of web applications

What is included

  • 3 days of practical hands-on training with a seasoned web application penetration tester

  • Training computer equipment will be provided

  • Tea/coffee during breaks along with a light catered lunch

Cyber Prep Academy reserves the right to cancel or re-schedule the offered session. In the event of cancellation or rescheduling, a full refund of course fees will be processed within 10 business days of cancellation or rescheduling notice.

Price $1,319 + GST


