Contattaci Richiedi un contatto telefonico



Web Application Penetration Testing eXtreme

Ti interessa questo corso?

Iscriviti per ottenere l'accesso al nostro materiale formativo e ai laboratori!

Extremely Hands-on

Practice Web App Pentesting against a number of real world web applications. WAPTX includes the most sophisticated virtual lab on Network and Web App Security: Hera Lab

Discover Labs

Become Certified

Obtain the eWPTX certification and prove your practical skills with the only 100% practical certification on Advanced Web Application Penetration Testing

Discover eWPTX

Dai un'occhiata al corso

  • The most advanced course on Web App Pentesting
  • Based on techniques professional pentesters uses
  • Master Advanced Web Application Security tools
  • In depth Web Application Vulnerbailities analysis
  • XSS, SQL Injection, HTML5 and much more
  • In depth obfuscation and encoding techniques
  • Bypassing filters and WAF techniques
  • HTML5 attacks vectors and exploits
  • From the creators of Coliseum and
  • Gives you access to dedicated forums
  • Makes you an advanced Web Application Pentester
  • After obtaining the eWPTX certification qualifies you for 40 CPE

Materiale del corso

  • 4 hours of video training material
  • Over 1100 slides
  • 50 labs in Hera Lab

Fruizione del corso

  • Self-paced
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Prova il corso gratuitamente

Confermo di voler ricevere email da parte di Caendra Inc.


  • Modulo 1 : Encoding and Filtering

    Understanding what kind of data encoding is being used and how it works is fundamental in ensuring that the tests are performed as intended, that’s why this module starts with the basics concept of Data Encoding. The next section is all about Filtering Basics, starting from a brief introduction on how to deal with Regular Expression, to understanding how to detect, fingerprint and evade Web Application Firewalls to finally conclude with analyzing the most common Client-side defensive mechanism.

  • Modulo 2 : Evation Basics

    To complete course introduction it is important to study the main Evasion Techniques that starts from Base64 and not well known URI obfuscation techniques and concludes with JavaScript and PHP Obfuscation techniques.

  • Modulo 3 : Cross-Site Scripting

    This module is entirely dedicate to Cross-site Scripting attacks. It starts from a brief recap of the classification and after that introduces Advanced Attack Techniques and exotic XSS vectors.

  • Modulo 4 : XSS - Filter evasion and WAF bypassing

    This module illustrates advanced Filter Evasion and WAF bypassing techniques such as blacklisting, sanitization, browser filters and much more.

  • Modulo 5 : Cross-Site Request Forgery

    This module is entirely dedicate to Cross-Site Request Forgery attacks. It starts from a brief recap about this vulnerability and after that introduces the main Attack Techniques and Vectors in order to introduce later how to Exploit Weak Anti-CSRF Measures and to conclude Advanced Exploitation techniques.

  • Modulo 6 : HTML5

    This module is entirely dedicate to HTML5 and related attacks. It starts from a recap and more about this technology analyzing the main features on which to focus the attack phase. After that, it comes alive with the main Exploitation techniques and attack scenarios. After analyzed the security concerns introduced with the new HTML5 features, there is an opposite section dedicated to the security enhancements. Here are presented the main mechanisms introduced to improve the security controls.

  • Modulo 7 : SQL Injection

    This module is entirely dedicate to SQL Injection attacks. It starts from a brief recap of the main classification about the exploitation techniques and after that introduces Advanced Attack Techniques.

  • Modulo 8 : SQLi - Filter Evation and WAF Bypassing

    In this module the student will learn advanced Filter Evasion and WAF bypassing techniques.

  • Modulo 9 : XML Attacks

    This module is entirely dedicate to XML attacks. It starts from a recap and more about this technology and after that jumps directly into the main related vulnerabilities such as XML Tag Injcetion, XXE, XEE and XPath Injection. For each of them are analyzed basic and advanced exploitation techniques.

Scarica il Syllabus in PDF


  • Understanding of HTML, HTTP and Javascript.
  • Reading and understanding PHP code will help although not mandatory.
  • Basic development skills required.

Questo corso di formazione è per...

  • Penetration testers
  • Web developers
  • IT admins and staff


The WAPTX course is a practice-based curriculum that comes integrated with Hera Lab.

Lab IDDescrizioneCategoria
Lab 1 XSS - 11 challenging labs Educational
Lab 2 XSRF - 5 challenging labs Educational
Lab 3 SQL Injection - 10 challenging labs Educational
Lab 4 Second-order SQLi - 7 challenging labs Educational
Lab 5 SQLi Playground - 4 test environments to play with Educational
Lab 6 XML Injection - 3 challenging labs Educational
Lab 7 XML External Entities - 7 challenging labs Educational
Lab 8 XML Entity Expansion - 4 challenging labs Educational


Get eWPTX Certification

eLearnSecurity's eWPTX certification is the most practical AND professionally oriented certification you can obtain in web application penetration testing

Ulteriori informazioni


  • Giuseppe Trotta
    Giuseppe Trotta

    Giuseppe is a web application security researcher with over 7 years of experience, author of WAPT and WAPTX courses.

Iscriviti per ottenere l'accesso al nostro materiale formativo e ai laboratori!


The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc

Torna in cima