Web Penetration Testing Training in hackerSlash is regarded as the topmost application penetration testing course. Cyber-attacks on web-based applications rise by an average of 30% every year. The web penetration testing training in hackerSlash helps you understand the new technologies used in web penetration testing and how to use them to protect organizations' websites and applications from being hacked.


Web-based applications play a crucial role in an organization. For a customer, the first point of interaction with the organization is its website and web-based applications. These web applications store very sensitive customer data and internal data. Black hat hackers constantly compromise websites, deface them, and leak customers' credit card details and other sensitive information, which has incurred huge losses for many companies around the globe.


The web penetration testing training in hackerSlash will help students and working professionals understand the flaws in web-based applications and the steps needed to exploit them in a real-world scenario. It also provides hands-on practical sessions in the labs that will equip students and working professionals to report security flaws to their organizations and help them implement countermeasures to rectify those flaws.

 

 

Prerequisites

Students and corporate professionals with sound programming knowledge can take this course. Because our web application penetration testing training covers the most high-end, exploit-driven penetration testing (PT), it is highly recommended to take the Certified Ethical Hacking CEHv11 or our SlashOHS course, which gives you in-depth knowledge of ethical hacking and covers the first stage of report generation, vulnerability assessment (VA). If you want to develop your own hacking tool, you can take the Python programming training, where you will learn how to code a hacking tool in a practice-oriented class.



Course Syllabus

Module 1: Introduction to Web Penetration Testing

  • Lecture 1: Understanding HTML
  • Lecture 2: Web Application structure
  • Lecture 3: HTML Request and Response

 

Module 2: Lab Setup 

  • Lecture 4: Install XAMPP Server
  • Lecture 5: Setup Vulnerable Web Application
  • Lecture 6: Setup DVWA
  • Lecture 7: Setup bWAPP
  • Lecture 8: Setup WebGoat 7.1
  • Lecture 9: Setup Burp Suite
  • Lecture 10: Setup Burp Suite CA Certificate
  • Lecture 11: Setup Firefox old version (40.0) with No-redirect add-on
  • Lecture 12: Setup Netsparker
  • Lecture 13: Setup Acunetix
  • Lecture 14: Setup VMware
  • Lecture 15: Install Kali Linux

 

Module 3: What is Vulnerability

  • Lecture 16: OWASP Top 10
  • Lecture 17: How can you find vulnerabilities in a web application?
  • Lecture 18: How can you exploit that vulnerability?

 

Module 4: SQL-Injection

  • Lecture 19: What is SQL Injection?
  • Lecture 20: How can you find an SQL Injection vulnerability in a website?
  • Lecture 21: What is the GET method?
  • Lecture 22: How can you find an SQL Injection vulnerability in a GET parameter?
  • Lecture 23: How can you exploit that vulnerability?
  • Lecture 24: What is SQLMAP and how can you use it?
  • Lecture 25: What is the POST method?
  • Lecture 26: How can you find an SQL Injection vulnerability in a POST parameter?
  • Lecture 27: How can you bypass login page auth using an SQL Injection vulnerability?
  • Lecture 28: How can you use different types of payload to bypass a login page?
  • Lecture 29: What is Intruder? How can you use it?

 

Module 5: Cross Site Scripting (XSS)

  • Lecture 26: What is a Cross Site Scripting vulnerability?
  • Lecture 27: Where can you find XSS vulnerabilities?
  • Lecture 28: Types of XSS
  • Lecture 29: Details of Persistent XSS
  • Lecture 30: Details of Non-Persistent XSS
  • Lecture 31: Details of DOM-based XSS
  • Lecture 32: XSS DEMO on Live Website
  • Lecture 33: Cookie Stealing using XSS Vulnerability

 

Module 6: Cross Site Request Forgery (CSRF)

  • Lecture 34: What is CSRF?
  • Lecture 35: Where can you find CSRF vulnerabilities?
  • Lecture 36: CSRF live demo on GET Method
  • Lecture 37: CSRF live demo on POST Method

 

Module 7: Different Types of Injection 

  • Lecture 38: What is Command Injection?
  • Lecture 39: Live Demo on Command Injection
  • Lecture 40: What is Code Injection?
  • Lecture 41: What is X-Path Injection?
  • Lecture 42: Live Demo on X-Path Injection
  • Lecture 43: What is LDAP Injection?
  • Lecture 44: Live Demo on LDAP Injection
  • Lecture 45: What is HTML Injection?
  • Lecture 46: Live Demo on HTML Injection
  • Lecture 47: What is XXE?
  • Lecture 48: Live Demo on XXE
  • Lecture 49: What is XML Injection?
  • Lecture 50: Live Demo on XML Injection

 

Module 8: Security Misconfiguration

  • Lecture 51: What is security misconfiguration?
  • Lecture 52: What is Directory Listing?
  • Lecture 53: Live Demo on Directory Listing Vulnerability
  • Lecture 53: What is CORS?
  • Lecture 54: Live Demo on CORS
  • Lecture 55: What is the OPTIONS method? What is its effect?

 

Module 9: Sessions Hijacking

  • Lecture 56: What are sessions?
  • Lecture 57: How can we bypass the session?
  • Lecture 58: How can we generate sessions using Burp Sequencer?

 

Module 10: Webshell or Webserver Hacking

  • Lecture 59: What is a webshell?
  • Lecture 60: How can you hack a webserver using a webshell?
  • Lecture 61: How can you bypass client-side validation and upload a webshell?
  • Lecture 62: How can you bypass content-type validation and upload a webshell?
  • Lecture 63: What is RFI, and how can you access a webserver using RFI?
  • Lecture 64: How can you upload a webshell using Weevely?

 

Module 11: Burp Suite Manual Testing

  • Lecture 65: How can you do manual testing using Burp Suite?
  • Lecture 66: What is Spider? How can you use it?
  • Lecture 67: What is Intruder? How can you use it?
  • Lecture 68: What is Repeater? How can you use it?
  • Lecture 69: What is Sequencer? How can you use it?
  • Lecture 70: What is Decoder? How can you use it?
  • Lecture 71: What is Comparer? How can you use it?
  • Lecture 72: What is Extender? How can you use it?

 

Module 12: Vulnerability Scanner Automation Testing

  • Lecture 73: How can you do automated testing using a scanner?
  • Lecture 74: What is Netsparker? How can you use it?
  • Lecture 75: What is Acunetix? How can you use it?

 

Module 13: URL redirect and forward 

  • How Web Application Works
  • Request and Response
  • Installing Scanner (Acunetix, Netsparker)
  • Scanning Website
  • Question, Answer & Discussion + Exam

 

Module 14: Insecure De-serialization

  • Lecture 78: What is Insecure De-serialization?

 

Module 15: Using Components with known vulnerabilities 

  • Lecture 79: What is Using Components with known vulnerabilities?

 

Module 16: Insufficient logging and monitoring  

  • Lecture 80: What is Insufficient logging and monitoring?

 

Module 17: Broken Authentication 

  • Lecture 81: What is Broken Authentication?
  • Lecture 82: How can you bypass the post-login page without valid sessions?
  • Lecture 83: How can you use the No-redirect add-on?

 

Module 18: Broken Access control

  • Lecture 84: What is Broken Access control?
  • Lecture 85: Live Demo on Broken Access control

 

 

Duration:

3 Months

 


Pricing:

  • 7,000 Taka for Bangladeshi Students
  • $100 USD for International Students

 

 

Contact us:

Need technical assistance? Speak with a support representative by emailing hackerslash@icloud.com