Web Application Hacking
A practical workshop on how to detect and exploit Web application vulnerabilities and use this to their advantage when attacking information systems.
40 hours
Red Team
40 hours
Red Team


What are Web applications? The term encompasses everything that can be accessed via a web browser, from applications to server technologies (operating systems, web servers, native applications, and databases, etc.) from endpoint technologies (browsers and extensions) to JavaScript and more. Although these apps are common, very few individuals can master the entire technological stack. The challenge for those seeking to test Web application vulnerabilities is understanding all the different technologies involved. While developers may know what language they code in, penetration testers should know them all.  
This course provides students with a comprehensive overview of the Web service attack process. The topics covered include carrying out scans, mapping vulnerabilities, and resources, performing various database code injections, reading, and writing, operating system file tables, executing code on the operating system, exploiting authentication and session issues, manipulating vulnerable components on the server, identifying weak configurations, performing user-side code injections, launching browser attacks, and social engineering. The course also offers a hands-on practical experience that focuses on manual techniques which help students understand the various steps of the organized testing process.

The course covers the following topics:


It’s important to improve the accordion’s behaviour

Penetration Testing and Web Applications
  • Meet the Web stack
  • Proactive security testing vs. hacking
  • Automated vs. manual testing
  • Code vulnerabilities and severity scoring
Environment Setup
  • To Kali or not to Kali
  • Tools of the trade
  • Deliberately vulnerable applications and servers
Profiling the web server
  • Scanning for open ports
  • Fingerprinting the application stack
  • Enumerating files, directories, and other resources
  • Scanning for known application vulnerabilities
  • Avoiding detection while profiling
Datastore Injections
  • Error-based datastore information retrieval
  • Union-based manual SQL injections
  • Exploiting build-in functions
  • Reading and writing files with union injections
  • Generating Web shells and full shells
  • Blind Boolean injections
  • Blind time-based injections
  • Bonus: Schema-less injections?!
Don't touch this tab

SOTERIA Global is a global leader in cyber-security training solutions and services.

The cyber world is now a part of our everyday life. New technology emerges daily, and as opportunities increase, so do cyber risks. Threats constantly evolve, and we must protect our valuable assets.

A successful cyber defense has many factors, but they all have one thing in common: dedicated, skilled individuals.

SOTERIA Global experts develop our solutions and rely on the best technological assets in the market. Our impressive global presence expands over four continents, giving us access to the best cybersecurity professionals.

Our solutions range from customized training programs to developing cyber-oriented facilities, ensuring that individuals and organizations are ready to face real-world threats. Over the years, we have worked with various organizations across many sectors, giving us the skillset to shape and adapt our solutions to meet our client’s needs.

    • Server-side and client-side Web application developers
    • Analysts
    • IT specialists
    • Incident Response Teams
    • Advanced knowledge of Web technologies (server code , SQL, JavaScript, HTML)
    • Server-side programing
    • Familiarity with Windows and Linux operating systems is advantageous
    • Familiarity with TCP/IP protocols is advantageous
    • Performing penetration testing
    • Using he tools of the trade
    • SQL injections
    • Advanced web server profiling