Web Hacking (HPWH)

This curriculum introduces you to Web Application Hacking.

  • Practical focus
  • Learn how web application security flaws are found
  • Discover leading industry standards and approaches
  • Use this foundation to enhance your knowledge
  • Prepare for more advanced web application topics


This is an entry-level web application security testing course and is a prerequisite for the Advanced Web Hacking course. Tools and techniques will be taught in the 2-day course. If you would like to step into the world of ethical hacking / penetration testing with a focus on web applications, then this is the class for you.


Who should take this class?

  • System administrators
  • Web developers
  • SOC analysts
  • Penetration testers
  • Network engineers
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level


Class Content

Day 1

Information gathering, profiling and cross-site scripting

  • Understand the HTTP protocol
  • Identify the attack surface
  • Username enumeration
  • Information disclosure
  • Issues with SSL / TLS
  • Cross-site scripting


Day 2

Injection, flaws, files and hacks

  • SQL injection
  • XXE attacks
  • OS code injection
  • Local / remote file include
  • Cryptographic weakness
  • Business logic flaws
  • Insecure file uploads