Web application Penitration Testing Training & Certification [WAPT]

  • Course Duration40 Hrs.
  • Course ModeInstructor Led Training
  • Course Fee₹ 7700

About The Course

The WAPT Training is a online training program in the field of web application security. In this training program, you will learn how to perform a vulnerability assessment and penetration test on a live web application in a virtual lab environment. This training program is created team of experts. You will learn through video tutorials. For a great handson learning experience, this training program is packed with assignments, assessment tests, quizzes, and practice exercises. At the end of this training program, you will be hacking a live web application and generating an industry standard report.

Key Features

Instructor–led training

Highly interactive instructor-led training

Free lifetime access to recorded classes

Get lifetime access of all recored classes in your profile

Regular assignment and assessments

Real-time projects after every module

Lifetime accessibility

Lifetime access and free upgrade to the latest version

3 Years of technical support

Lifetime 24/7 technical support and query resolution

Globally Recognized Certification

Get global industry-recognized certifications


  • Master Burp Suite
  • Web application analysis, information gathering and enumeration
  • XSS & SQL Injection
  • Session related vulnerabilities
  • HTML5 attacks
  • Penetration testing Content Management Systems (CMS)
  • Penetration NoSQL databases and NoSQL-related APIs / NoSQL injections
  • Web Application attacks to Network and Infrastructure Penetration Testing
  • Became a proficient professional web application penetration tester

Mode of Learning and Duration

  • Weekdays - 4 weeks
  • Weekend – 5 weeks
  • FastTrack Batch - 3.5 weeks
  • Weekdays – 4.5 weeks
  • Weekend – 5.5 weeks
  • FastTrack Batch - 3.5 weeks


Course Agenda

  • Introduction to Information Security
  • Hacking Methodologies and Types of Security Testing
  • Computer Networking
  • IP Addressing and NAT
  • DNS- The Google Maps of the Internet
  • Ports and Services
  • Protocols, TCP/IP and OSI Model
  • Proxy and VPN
  • Module Test
  • Digital Footprints and Information Gathering
  • Advanced Information Gathering about People and Websites
  • Google Dorking- Hacking using Google
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
  • HTML Basics
  • HTML and Introduction to Javascript
  • Introduction to PHP and Setting up XAMPP
  • Putting Brains into Beauty- Working with PHP
  • Handling User Input and Building Basic Applications using PHP
  • Module Test
  • Introduction to VAPT and OWASP
  • Basics of Databases and SQL
  • Authentication Bypass using SQL Injection
  • GET based SQL Injection- Part 1
  • GET based SQL Injection- Part 2
  • POST based SQL Injection- Part 1
  • POST based SQL Injection- Part 2
  • Advanced SQL Injections
  • Automating SQL Injections- SQL Map
  • Module Test
  • Bypassing Client-Side Filters using Burp Suite
  • IDOR and Rate-limiting issues
  • Arbitrary File Upload Vulnerabilities
  • Module Test
  • Understanding Important Response Headers, DOM, and Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
  • Understanding Forced Browsing and Session-Cookie Flaws
  • Cross Site Request Forgery (CSRF) and Open Redirections
  • Brute Force Attacks using Burp Suite
  • Personally, Identifiable Information (PII) Leakage and Sensitive Information Disclosure
  • Module Test
  • Common Security Misconfigurations
  • Default/Weak Password Vulnerabilities
  • Fingerprinting Components with Known Vulnerabilities
  • Scanning for Bugs in WordPress and Drupal
  • Using Public Exploits and Looking at Live Case Studies
  • Module Test
  • Information Gathering for Endpoints
  • Application Assessment using Nmap
  • Automating VAPT with Nikto and Burp Suite Pro
  • Concepts of Code Security and Patching
  • Module Test
  • Documenting Stages of Vulnerabilities using Tools
  • VAPT Reports: Developer Report v/s Higher Management Report
  • Parts of a VAPT Report
  • Common Good Practices and Bad Practices
  • Module Test



Problem Statement: - Run your SQL command on a live website

Description: - SQL injection is the CRUD operation against a database of a website to affects its operations and give the attacker an opportunity to run their own SQL command against the database using the frontend of the website. Here we will understand how text box input is the best friend for a attacker.

Problem Statement: - Make a File and resource attack by changing resource identifiers.

Description: - With this kind of attack we change resource identifiers used by an application in order to perform a malicious task. As an application defines a resource type or location based on user input like file name or port number, this data can be manipulated to execute or access different resources. An application that permits input of special characters like period, slash, and backslash is risky when used in conjunction with methods that interact with the file system. Resource injection differs from path manipulation as it focuses on accessing resouces other than the local file system.

Problem Statement: - Path Traversal and Local File Inclusion vulnerability test on wordpress website.

Description: - WordPress is mostly used website building tool over internet with 35% of market share. Huge number of active installations all gives a massive attack surface. A regular attempt is made to hack into WordPress sites. On getting access to an account with at least author privileges on target WordPress site one can execute arbitrary PHP code on the underlying server and can get a full remote takeover. We will learn about both Path Traversal and Local File Inclusion vulnerability was automatically detections.



Career Support

We have a dedicated team which is taking care of our learners learning objectives.


There is no such prerequisite if you are enrolling for Master’s Course as everything will start from scratch. Whether you are a working IT professional or a fresher you will find a course well planned and designed to incorporate trainee from various professional backgrounds.

AI Council offers 24/7 query resolution, you can raise a ticket with a dedicated support team and expect a revert within 24 Hrs. Email support can resolve all your query but if still it wasn’t resolved then we can schedule one-on-one session with our instructor or dedicated team. You can even contact our support after completing the training as well. There are no limits on number of tickets raised.
AI council provide two different modes for training one can choose for instructor lead training or learning with prerecorded video on demand. We also offer faculty development programs for college and schools. apart from this corporate training for organization/companies to enhance and update technical skills of the employees. We have highly qualified trainers who are working in the training industry from a very long time and have delivered the sessions and training for top colleges/schools and companies.
We are providing a 24/7 assistance for the ease of the student. Any query can be raised through the interface itself as well as can be communicated through email also. If someone is facing difficulties with above methods mentioned above we can arrange a one on one session with the trainer to help you with difficulties faced in learning. You can raise the query throughout the total training period as well as after the completion of the training.
AI Council offers you the latest, appropriate and most importantly the real-world projects throughout your training period. This makes student to gain industry level experience and converting the learning’s into solution to create the projects. Each Training Module is having Task or projects designed for the students so that you can evaluate your learning’s. You will be working on projects related to different industries such as marketing, e-commerce, automation, sales etc.
Yes, we do provide the job assistance so that a learner can apply for a job directly after the completion of the training. We have tied-ups with companies so when required we refers our students to those companies for interviews. Our team will help you to build a good resume and will trained you for your job interview.
After the successful completion of the training program and the submission of assignments/quiz, projects you have to secure at least B grade in qualifying exam, AI Council certified certificate will be awarded to you. Every certificate will be having a unique number through which same can be verified on our site.
To be very professional and transparent No, we don’t guarantee the job. the job assistance will help to provide you an opportunity to grab a dream job. The selection totally depends upon the performance of the candidate in the interview and the demand of the recruiter.
Our most of the programs are having both the modes of training i.e. instructor led and self-paced. One can choose any of the modes depending upon their work schedule. We provide flexibility to choose the type of training modes. While registering for courses you will be asked to submit your preference to select any of the modes. If any of the course is not offered in both modes so you can check in which mode, the training is going on and then you can register for the same. In any case if you feel you need any other training mode you can contact our team.
Yes, definitely you can opt for multiple courses at a time. We provide flexible timings. If you are having a desire for learning different topics while continuing with your daily hectic schedule our course timing and modes will help you a lot to carry on the learning’s.
Whenever you are enrolling in any of the courses we will send the notification you on your contact details. You will be provided with unique registration id and after successful enrollment all of the courses will be added to your account profile on our website.AI Council provides lifetime access to course content whenever needed.
A Capstone project is an outcome of the culminating learning throughout the academic years. It is the final project that represents your knowledge, efforts in the field of educational learning. It can be chosen by the mentor or by the students to come with a solution.
Yes, for obtaining the certificate of diploma programmer you have to submit the capstone project.