SEC542: Web App Penetration Testing and Ethical Hacking

SEC542 | Offensive Operations
  • 6 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course created by:
Eric Conrad, Timothy McKenzie & Bojan Zdrnja
  • GIAC Web Application Penetration Tester (GWAPT)
  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Intermediate Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 30 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Learn a repeatable process for web application penetration testing and gain the skills to uncover vulnerabilities and communicate their business impact.

Course Overview

SEC542: Web Application Penetration Testing and Ethical Hacking teaches students how to identify, exploit, and demonstrate the real-world impact of critical web application vulnerabilities. Through a structured, repeatable methodology, students learn to move beyond automated scanners and conduct professional-grade penetration tests. The course emphasizes both technical skill development and effective communication of risk to improve organizational security posture.

What You’ll Learn

  • Apply OWASP’s methodology for consistent, high-quality testing
  • Test both traditional and modern web apps, including APIs
  • Exploit common flaws like SQLi, XSS, CSRF, and SSRF
  • Validate scanner results and assess business impact
  • Write custom testing scripts using Python
  • Use tools like BurpSuite, ZAP, ffuf, and BeEF effectively
  • Conduct full web app penetration tests from start to finish

Business Takeaways

  • Use a repeatable process for high-impact testing
  • Identify and exploit critical web app flaws
  • Communicate the impact of vulnerabilities
  • Highlight web app security’s role in overall defense
  • Effectively use key attack tools
  • Write clear, actionable test reports

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC542: Web App Penetration Testing and Ethical Hacking.

Section 1: Introduction and Information Gathering

This section introduces web application penetration testing from an attacker’s perspective, emphasizing foundational web technologies, DNS reconnaissance, and HTTP protocol security. It covers essential tools like BurpSuite Pro and ZAP for intercepting traffic, as well as methodologies such as the OWASP assessment framework.

Topics covered

  • Web application assessment methodologies
  • The penetration tester's toolkit
  • Interception proxies

Labs

  • SSL configuration analysis
  • Target profiling
  • Content discovery

Section 2: Fuzzing, Scanning, Authentication, and Session Testing

This section introduces techniques like fuzzing, vulnerability scanning, and forced browsing to uncover hidden content and potential vulnerabilities. It also explores authentication, authorization, and session management mechanisms—covering common attack vectors and tools like BurpSuite, ZAP, and ffuf.

Topics covered

  • Fuzzing
  • Information Leakage
  • Burp Professional's Vulnerability Scanning

Labs

  • Interception proxies
  • Command line utilities
  • Username enumeration

Section 3: Injection

This course section focuses on identifying and exploiting critical vulnerabilities such as authentication and authorization bypasses, injection flaws, and insecure deserialization. Emphasizing manual testing techniques, students gain hands-on experience with command injection, file inclusion, and various forms of SQL injection.

Topics covered

  • Authentication and authorization bypass
  • Command injection: Blind and Non-Blind
  • Directory traversal

Labs

  • Common injection flaws
  • Chaining vulnerabilities
  • Using sqlmap

Section 4: XSS, SSRF, and XXE

This section focuses on advanced injection flaws, highlighting various forms of XSS and introducing tools like BeEF for browser exploitation. It also explores API and data attacks through REST, SOAP, and AJAX, and concludes with practical labs on complex vulnerabilities like SSRF and XXE, emphasizing the chaining of exploits and client-side analysis.

Topics covered

  • Cross-Site Scripting (XSS)
  • Browser Exploitation Framework (BeEF)
  • AJAX

Labs

  • Client-side JavaScript analysis
  • Server-side request forgery (SSRF)
  • XML external entities (XXE)

Section 5: CSRF, Logic Flaws and Advanced Tools

This section teaches how to escalate access, pivot within networks, and understand the broader business impact of vulnerabilities. We cover advanced techniques using tools like Metasploit and Nuclei, explore logging and monitoring, and introduce LLM-specific vulnerabilities – ending with a hands-on challenge on manual exploitation and custom tool adaptation.

Topics covered

  • Logic flaws
  • Logging and monitoring
  • Python for web app penetration testing

Labs

  • SQL injection attacks
  • Cross-Site Request Forgery attacks
  • Nuclei vulnerability scanner

Section 6: Capture the Flag

During section six, students form teams and compete in a web application penetration testing tournament.

Things You Need To Know

Relevant Job Roles

Software Security Assessment (OPM 622)

NICE: Design and Development

Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.

Secure Systems Development

NICE: Design and Development

Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.

Security Control Assessment (OPM 612)

NICE: Oversight and Governance

Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.

Vulnerability Analysis (OPM 541)

NICE: Protection and Defense

Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, client-side applications, server-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Secure Software Development (OPM 621)

NICE: Design and Development

Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.

Systems Testing and Evaluation (OPM 671)

NICE: Design and Development

Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.

Course Schedule & Pricing

  • Virtual (OnDemand), instructed by Timothy McKenzie. OnDemand (Anytime), self-paced, 4 months access. $8,780 USD*
  • Washington, DC, US & Virtual (live), instructed by Bojan Zdrnja. $8,780 USD*
  • Amsterdam, NL & Virtual (live), instructed by Timothy McKenzie. €8,230 EUR*
  • San Antonio, TX, US & Virtual (live), instructed by Timothy McKenzie. $8,780 USD*
  • Singapore, SG & Virtual (live), instructed by Bojan Zdrnja. $8,900 USD*
  • Amsterdam, NL & Virtual (live), instructed by Eric Conrad. €8,230 EUR*
  • Raleigh, NC, US & Virtual (live), instructed by Aaron Cure. $8,780 USD*
  • Las Vegas, NV, US & Virtual (live), instructed by Timothy McKenzie. $8,780 USD*

*Prices exclude applicable local taxes.

Showing 8 of 19

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources