757-216-3656 | Monday–Friday 8:30 AM – 4:30 PM | info@itdojo.com
|
www.itdojo.com
757-216-3656
info@itdojo.com
Web Penetration Testing
Duration: 4 days  |  Instructor-Led · Live Remote Online or On-Site
Cybersecurity & IA Training for DoD and Federal Teams

Web Penetration Testing

Upcoming Course Dates
  • • Aug 14, 21, 28 – Sep 4, 2026 · Live Remote Online
  • • Oct 30, Nov 6, 13, 20, 2026 · Live Remote Online
Interested in this course?

Contact IT Dojo for current pricing, available dates, and a custom quote tailored to your team or organization.

Email info@itdojo.com  •  Call 757-216-3656  •  www.itdojo.com

Course Duration

4 days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

No prerequisite knowledge required other than general computer use.

Course Description

This hands-on live training is designed to take you from beginner to confident web application pentester with no prior hacking experience required. You will gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker. The primary focus is learning by doing, with each module focused on real-world techniques. You will also receive 12-month access to the full on-demand version of the course to reinforce classroom learning objectives. This course includes two Exam Vouchers for TCM Security's Practical Web Pentest Associate (PWPA) and Practical Web Pentest Professional (PWPP) certifications. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date.

Learning Objectives

  • Understand the fundamental architecture and functionality of web applications
  • Identify and exploit common server-side vulnerabilities and attack techniques
  • Execute client-side attack methods and exploitation tactics
  • Use scanning tools and techniques to identify and execute advanced web application attacks

Course Outline

Day 1 – How Web Apps Work
  • Introduction to Web Applications
  • How Web Apps Work
  • Intro to HTTP
  • Broken Authentication
  • Broken Access Control
  • SQL Injection
Day 2 – Server-Side Attacks
  • SQL Injection (continued)
  • Command Injection
  • XML External Entity (XXE) Injection
  • Directory Traversal
Day 3 – Server-Side and Client-Side Attacks
  • File Upload Vulnerabilities
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
Day 4 – Scanning and Advanced Attacks
  • Scanning, Filter Bypasses, and WAF Bypasses
  • Logic Bugs
  • Building a Methodology
  • Performing a Web App Pentest

Frequently Asked Questions

What does the Web Penetration Testing course cover?

This hands-on live training is designed to take you from beginner to confident web application pentester with no prior hacking experience required. You will gain a solid foundation in how web apps work, how to find and exploit common vulnerabilities, and how to think like an attacker. IT Dojo delivers it as live instructor-led training for government and business professionals.

How long is IT Dojo's Web Penetration Testing training?

Web Penetration Testing is a 4 days course. It is available as live remote online instruction or on-site at your facility.

Is this course available as live remote online training?

Yes. IT Dojo offers Web Penetration Testing as live remote online training led in real time by a certified instructor. On-site delivery at your government facility or contractor location is also available.

Who should attend this course?

Security professionals, developers, and IT professionals seeking to build web penetration testing skills from the ground up with no prior hacking experience required.

Does Web Penetration Testing prepare students for a certification?

Yes. Web Penetration Testing maps to the PWPA – Practical Web Pentest Associate, PWPP – Practical Web Pentest Professional credential. IT Dojo's instructor-led training is built to prepare students for the exam.

Does IT Dojo offer this training on-site at government or DoD facilities?

Yes. IT Dojo delivers Web Penetration Testing on-site at government agencies, DoD commands, military installations, and contractor facilities. On-site training is ideal for teams and can be customized to your organization's workflows. Contact IT Dojo to schedule.

How do I register for this course?

IT Dojo training is employer sponsored. Your organization registers and pays for seats. To schedule Web Penetration Testing for your team, contact IT Dojo via the Request Training form or call 757-216-3656.

Request Info & Pricing

Get details on scheduling, pricing, and delivery options for this course.

757-216-3656

Why no pricing?

Course pricing varies based on timing, availability, and class size. When you request a quote, we give you a current, accurate number rather than a posted rate that may be months out of date.

Upcoming Course Dates
  • Aug 14, 21, 28 – Sep 4, 2026 · Live Remote Online
  • Oct 30, Nov 6, 13, 20, 2026 · Live Remote Online
Don't be afraid of Live Remote Online Training

Live Remote Online classes are typically capped at 16 people. Students connect to a live class, not prerecorded, and can interact with the instructor and other students via chat or microphone.

All labs are done remotely and the instructor is there to assist if needed.

Can't find what you're looking for?

Let us know! Chances are we have access to the training that you need.

Have questions or need more information?

Contact us today at:

757-216-3656 info@itdojo.com
About Our Instructors

All IT Dojo courses are taught by certified, active industry practitioners.

Meet Our Instructors

IT Dojo, Inc. • 4176 South Plaza Trail, Suite 207 • Virginia Beach, VA 23452

Employer-sponsored training only. Serving Federal Government, DoD, and Corporate clients since 2003.

You May Also Be Interested In

Get More Information