Web Application Hacking
A practical workshop on how to detect and exploit Web application vulnerabilities and use this to their advantage when attacking information systems.
40 hours
Red Team
40 hours
Red Team


What are Web applications? The term encompasses everything that can be accessed via a web browser, from applications to server technologies (operating systems, web servers, native applications, and databases, etc.) from endpoint technologies (browsers and extensions) to JavaScript and more. Although these apps are common, very few individuals can master the entire technological stack. The challenge for those seeking to test Web application vulnerabilities is understanding all the different technologies involved. While developers may know what language they code in, penetration testers should know them all.  
This course provides students with a comprehensive overview of the Web service attack process. The topics covered include carrying out scans, mapping vulnerabilities, and resources, performing various database code injections, reading, and writing, operating system file tables, executing code on the operating system, exploiting authentication and session issues, manipulating vulnerable components on the server, identifying weak configurations, performing user-side code injections, launching browser attacks, and social engineering. The course also offers a hands-on practical experience that focuses on manual techniques which help students understand the various steps of the organized testing process.

The course covers the following topics:


It’s important to improve the accordion’s behaviour

Penetration Testing and Web Applications
  • Meet the Web stack
  • Proactive security testing vs. hacking
  • Automated vs. manual testing
  • Code vulnerabilities and severity scoring
Environment Setup
  • To Kali or not to Kali
  • Tools of the trade
  • Deliberately vulnerable applications and servers
Profiling the web server
  • Scanning for open ports
  • Fingerprinting the application stack
  • Enumerating files, directories, and other resources
  • Scanning for known application vulnerabilities
  • Avoiding detection while profiling
Datastore Injections
  • Error-based datastore information retrieval
  • Union-based manual SQL injections
  • Exploiting build-in functions
  • Reading and writing files with union injections
  • Generating Web shells and full shells
  • Blind Boolean injections
  • Blind time-based injections
  • Bonus: Schema-less injections?!
Don't touch this tab

About CYBERPRO was founded in cooperation with international information security and instruction authorities who bring to Israel world-leading cyber training technologies and a learning experience of the highest standard available today.

The partners include the IITC group which has been training graduates for the high tech industry for over 20 years, and was selected as the training center for the Cisco Company in Israel.

CYBERPRO’s advanced, sought-after training courses in the areas of infrastructures, information security and cyber are world famous. These training courses were developed by some of the best cyber experts in the world, for international security organizations that emphasize the high training capabilities, the professional learning methods and the unique training and practice technologies. Our connection with international groups allows our students to be exposed to unique employment opportunities in Israel and abroad.

The training and learning tracks are all based much hands-on practice and preparation for the industry and profession requirements, so they include technological labs and practice sessions using one of the most advanced simulators in the world.

    • Server-side and client-side Web application developers
    • Analysts
    • IT specialists
    • Incident Response Teams
    • Advanced knowledge of Web technologies (server code , SQL, JavaScript, HTML)
    • Server-side programing
    • Familiarity with Windows and Linux operating systems is advantageous
    • Familiarity with TCP/IP protocols is advantageous
    • Performing penetration testing
    • Using he tools of the trade
    • SQL injections
    • Advanced web server profiling