Web Application Penetration Testing Training

Truephers Certified Web App Penetration Tester

Truephers provides web application penetration testing training for determined aspirants who want to pursue a career in web application penetration testing. This course requires prior knowledge equivalent to the Truephers Certified Cyber Security Professional 1.0 course. Knowledge equivalent to Truephers Certified Penetration Tester 2.0, the advanced course, is beneficial for the student, although it is not mandatory. This is a one-month course covering all aspects of web application attacks and methodologies. This course makes you eligible for performing web application penetration testing and for bug hunting in different bug bounty programs. To know more, call us or pay us a visit.

Course Content: Web App Penetration Testing

  • What is web 2.0
  • Protocols
  • Web Server
  • Web Programming Languages
  • Verb Tampering
  • Netcat
  • Firefox Hackers Browser
  • Installing Add-ons
  • FoxyProxy
  • Cookie editor
  • HTTP request-response interceptor
  • Tampermonkey
  • Greasemonkey
  • Hackers bar
  • Firebug
  • NoScript
  • UserAgent Switcher
  • Mapping the Web Application
  • OS Fingerprinting
  • Web Server Fingerprinting
  • Whois Enumeration
  • Wayback Machine
  • Reverse IP Domain Check
  • Email harvesting
  • Sub-domain finding
  • Active port scanning
  • Nmap port scanning
  • Burp Suite Introduction
  • Burp Suite Configuration
  • Burp Suite Interceptor
  • Burp Suite Repeater
  • Burp Suite Intruder
  • Burp Suite Comparer
  • Burp Suite Decoder
  • Burp Suite Sequencer
  • OWASP ZAP Proxy tool
  • Using OWASP ZAP Proxy tool
  • Using Google Dorks
  • Finding Open Cameras
  • Finding file types and pages on a particular website
  • Finding backup and log files
  • Finding default configured Routers
  • Shodan (search engine for IoT)
  • Understanding Web Authentication
  • HTTP Basic Authentication
  • HTTP Digest Authentication
  • Attacking HTTP form-based authentication
  • Bypassing Login forms
  • Fuzzing Login forms
  • Understanding Session Management
  • Understanding Cookies
  • Fuzzing Session Management
  • Finding weak session tokens
  • Session token manipulation
  • Burp Suite Sequencer
  • Command Injection
  • Command Injection filter bypass
  • Command Injection with commix
  • Command Injection to reverse shell on box
  • Basics of File Upload Vulnerabilities
  • Content-Type check bypass
  • Bypassing blacklist uploads.
  • Bypassing with PHPx
  • Bypassing using double extension
  • Bypassing getimagesize() check
  • Null byte injection 
  • File upload to reverse shell
  • Remote file Inclusion
  • RFI to shell on box
  • Local file inclusion
  • LFI filter bypass
  • LFI to shell on box or complete server takeover.
  • LFI with null byte injection
  • Remote code execution with LFI and Apache logs poisoning.
  • Remote code execution with LFI and SSH logs poisoning.
  • Understanding SQL Injection
  • Login bypass with SQL Injection
  • Union based SQL Injection
  • Blind SQL Injection
  • Error based SQL Injection
  • SQL Injection with SQLMap
  • Sniffing
  • ARP Poisoning
  • HTTP, FTP Password Capturing
  • Cain and Abel
  • Ettercap sniffing
  • Downgrading HTTPS to HTTP with sslstrip and sniffing data
  • Introduction to JavaScript
  • Syntax, Comments, Variables, Functions, Events, Strings, Numbers
  • Modifying HTML with JavaScript
  • Modifying all links with JavaScript
  • Modifying forms with JavaScript
  • Event Listeners
  • Internal/ External JS
  • XMLHttpRequest
  • HTML Parsing
  • XML Parsing
  • JSON Parsing
  • Basics of JavaScript 
  • Basics of Cross site scripting (XSS)
  • DOM based XSS
  • Cross Site Request Forgery
  • CSRF token bypassing
  • Multi-Step CSRF
  • BeEF Framework
  • HTML Injection Basics
  • HTML Injection in parameters
  • Bypassing filters

Regular Classes

  • Duration: 40 hours
  • No time limitation for practice
  • 2 hours a day, 5 days a week for classes
  • Doubt clearance sessions
  • Fully equipped practice machines.
  • 70% practicals
  • Internet access
  • Weekly tests and Quizzes
  • Online fee payment available
  • Max 1:14 teacher-to-student ratio
  • Includes Offline/Online Training + Exam + Certification + Job assistance
  • Assistance for acquiring International Certifications as well.

Weekend Classes

  • Duration: 40 hours
  • No time limitation for practice
  • 5 hours each on Saturday and Sunday
  • Doubt clearance sessions
  • Fully equipped practice machines.
  • 70% practicals
  • Internet access
  • Weekly tests and Quizzes on Saturday
  • Online fee payment available
  • Max 1:10 teacher-to-student ratio
  • Includes Offline/Online Training + Exam + Certification + Job assistance
  • Assistance for acquiring International Certifications as well.

WHY TRUEPHERS?

  • Government registered organization
  • Offensive Security certified trainers
  • Core Ethical Hacking | Nothing else
  • Best Ethical Hacking institute in Chandigarh, Mohali
  • Lowest fees but unlimited learning
  • No extra fee for exam and certification
  • 100% Job assistance and interview scheduling
  • Guaranteed lower fees than others
  • Tailor-made training courses available
  • Free personality development training session
  • ISO certified training center
  • No time limit for practice | Full day lab access
  • Full satisfaction of students guaranteed
  • Group discounts | Learn with your friends and colleagues

Goodies Takeaway

Certificate

Students who clear the exam with at least 70% marks get the certification + goodies. A student who fails can retake the examination at a nominal fee of Rs 300.

Toolkit

Students who enroll for this course get the latest versions of the free, trial and community editions of the tools used during the training.

E-Books

Students who enroll for this course get the latest versions of the free and community editions of the ebooks used during the training.

Full Job Assistance

Every student who clears the exam gets full job assistance until she gets her first job.

Learn from Experts

Our trainers are certified ethical hackers (OSCP) with a vast amount of experience in penetration testing as well as teaching.

Be TRUEPHERS Certified

Learn from industry leaders in cyber security and get certified with Truephers.

Meet Our Training Lead

Harjeet Singh Baidwan

Training head & CEO

Harjeet Singh Baidwan is a name among the top cyber security enthusiasts.

Meet us at:

F-28, Top Floor, Phase 8, Industrial Area, S.A.S Nagar, Mohali, Punjab 160071

Call us

+91 73 994 994 73

Email us

info@truephers.com
