Web Penetration Testing Course - Master Application Security

Master web penetration testing with our dynamic training program. Learn to exploit vulnerabilities using cutting-edge techniques and tools like BurpSuite Pro and sqlmap. Gain expertise in HTTP protocols, SSL weaknesses, file-related vulnerabilities, injection attacks including SQLi/XXE, CSRF defense tactics, logic flaws analysis and more.

Online Jun 1-2, 2026 9:00 AM - 5:00 PM Dr. Esther Suria Kala
beginner
Web Penetration Testing
We price match

Public Pricing

MYR 3500

Corporate Pricing

Training Fees: MYR 6500/day
Total Fees: MYR 13000 ++

Training Provider Pricing

Training Fees: MYR 2400/day
Material Fees: MYR 400
Total Fees: MYR 5200 ++

Features

2 days
16 modules
1 intake
English
Technical: 25 pax

Target Audience

students
engineers
managers

Methodologies

lecture
slides
case studies
group discussion
Q&A

Subsidies

HRDC Claimable

What you'll learn

  • Develop proficiency in scripting for automation during penetration tests.
  • Execute sophisticated injection attacks such as SQLi/XXE.
  • Understand the basics of HTTP protocols and web application architectures.
  • Identify and exploit various file-related vulnerabilities including LFI/RFI.
  • Navigate complex authentication mechanisms and session management vulnerabilities.
  • Conduct effective information gathering using OSINT and other reconnaissance methods.
  • Implement CSRF mitigation strategies and understand logic flaw exploitation.
  • Utilize advanced penetration testing tools including Nmap, WPScan, Metasploit.

Why should you attend?

Web Penetration Testing is an essential skill set for security professionals seeking to identify and exploit vulnerabilities within web applications. This comprehensive course delves into the intricacies of various web technologies, equipping participants with a deep understanding of the HTTP protocol, encoding schemes, and state management mechanisms. Participants will explore the OWASP Top 10, CWE, and SANS 25 to comprehend the most critical web security risks. The course progresses by covering information gathering techniques using WHOIS, DNS reconnaissance, and open source intelligence (OSINT). It also addresses SSL configurations and interception proxies like BurpSuite Pro and Zed Attack Proxy. Learners will engage in content discovery, session testing, authentication bypasses, and utilize tools like ffuf and Mutillidae to brute force unlinked files and directories. File-related vulnerabilities such as Local File Inclusion (LFI), Remote File Inclusion (RFI), unrestricted file uploads, and remote code execution are thoroughly examined. Injection attacks including SQL injection, command injection, directory traversal, insecure deserialization, and XML External Entity (XXE) exploitation form a core component of this curriculum. Moreover, learners will gain insights into advanced attack vectors like Cross-Site Request Forgery (CSRF), logic flaws, API attacks, AJAX security issues, and the use of Python for penetration testing. Finally, the course covers the effective use of industry-standard tools such as Nmap, WPScan, Metasploit, BurpSuite Pro Scanner, along with strategies for website auditing and post-assessment reporting.

Course Syllabus

Day 1 - Web Application Fundamentals
Module 1
Module 2
Short Break
15 mins
Module 3
Module 4
Recap and Q&A
15 mins
Lunch
1 hour
Module 5
Module 6
Short Break
15 mins
Module 7
Module 8
Recap and Q&A
15 mins
End of Day 1
Day 2 - Information Gathering Techniques
Module 9
Module 10
Short Break
15 mins
Module 11
Module 12
Recap and Q&A
15 mins
Lunch
1 hour
Module 13
Module 14
Short Break
15 mins
Module 15
Module 16
Recap and Q&A
15 mins
End of Day 2

Instructor

Dr. Esther Suria Kala ICT & Cybersecurity Training Expert

Dr. Esther Suria Kala is a highly accomplished ICT consultant and corporate trainer with nearly 30 years of extensive experience in information technology, project management, and organizational development. As the founder of Angel Software Solutions, she has established herself as a versatile and dedicated professional who delivers cutting-edge training solutions across Malaysia and internationally.

Her academic credentials are exceptional, including a PhD in Psychology with a focus on Human Behaviour and Human Resources, an MBA in Finance, and degrees in both Computer Science and Human Resources. Currently pursuing a second PhD in IT Information Security, Dr. Esther demonstrates an unwavering commitment to continuous learning and staying at the forefront of technological advancement. Her educational foundation is complemented by an impressive array of professional certifications, including Microsoft Certified Trainer (MCT), CISSP, ITIL, SAP Certified Associate, Certified Cyber Security Professional, Data Scientist, AI Engineering, and ECBA certifications.

Dr. Esther's technical expertise spans an extensive range of domains, from traditional programming languages like Java, C++, and PHP to modern technologies including Python, AI coding, machine learning, RPA, and IR 4.0 microservices. She is proficient in database management systems including Microsoft SQL Server and Oracle, web development frameworks, and enterprise solutions like SAP Crystal Reports and SharePoint Server. Her knowledge extends to cybersecurity, ethical hacking, network administration, and data analytics, making her uniquely qualified to address both technical and strategic business challenges.

As a trainer, Dr. Esther excels in bridging the gap between technical complexity and practical application. She delivers comprehensive training programs for both IT and non-IT professionals, covering everything from software development and cloud computing to soft skills such as digital marketing, business analysis, customer service, and project management. Her ability to communicate effectively in both English and Bahasa Malaysia enables her to connect with diverse audiences across different organizational levels.

Her impressive client portfolio includes leading organizations such as Maybank, Telekom Malaysia, Malaysian Airlines, Tenaga Nasional Berhad, Bank Negara, Ministry of Education, Ministry of Finance, and numerous multinational corporations. This extensive experience across banking, telecommunications, government, aviation, and technology sectors demonstrates her adaptability and deep understanding of varied industry requirements. Recognized with the Outstanding Achievement Award in Information Technology from University Malaya in 2013, Dr. Esther continues to empower organizations through innovative training solutions that drive digital transformation and professional excellence.

225 Courses
English, Malay, Hindi, German, Tamil
30 Years

Instructor

Habil Hadi Mohammed Additive Manufacturing & 3D Printing Specialist
Habil Hadi Mohammed is a highly skilled Mechanical Engineer and Research Fellow specializing in advanced manufacturing technologies, with particular expertise in additive manufacturing, 3D printing, and functionally graded materials (FGM). Currently pursuing his PhD in Biomedical Engineering at Universiti Putra Malaysia (UPM), he combines strong academic credentials with practical engineering experience to deliver innovative solutions across multiple industries. With a Master's degree in Manufacturing Systems Engineering (CGPA 3.81/4) and a Bachelor's in Mechanical Engineering, Habil has established himself as an expert in the rapidly evolving field of additive manufacturing. His research focuses on cutting-edge topics including multi-material 3D printing, material extrusion processes, and surface finishing techniques for FDM printed parts. His work has been recognized at international conferences in Slovenia, Malaysia, and Hong Kong, where he has presented papers on FGM implementation and material flow control in additive manufacturing. As a Research Fellow at UPM since 2021, Habil has demonstrated exceptional capabilities in software development, automation, and prototype design. He has successfully developed software for multi-material FGM 3D printers, designed automated sports equipment, and created hydroponic plant systems. His current role as a Developer Engineer for an international Swiss company showcases his ability to bridge theoretical knowledge with practical application, where he designs, programs, and develops machines using both 3D printing and conventional manufacturing techniques. Habil's technical proficiency spans multiple programming languages including Python, C/C++, Arduino, XCode, and Swift, complemented by expertise in CAD software such as AutoCAD, Fusion360, ANSYS, and SolidWorks. His analytical skills are enhanced by proficiency in data analysis tools including Minitab, SPSS, and Python. 
Beyond technical skills, his management experience as an Area Manager demonstrates strong leadership abilities, having successfully doubled sales through strategic planning and employee training. Multilingual and culturally adaptable, Habil brings a unique global perspective to engineering challenges, making him an invaluable asset for organizations seeking innovation in manufacturing technology and engineering education.
121 Courses
English
9 Years

Course Reviews

"Great course. I was able to gain knowledge on web application security and how to identify and prevent common vulnerabilities."

"Best course material to develop expertise in using advanced tools such as BurpSuite Pro scanner and Metasploit."

"I like the course. It provided me with immense knowledge."
