GIAC Web Application Penetration Tester (GWAPT)

GIAC Web Application Penetration Tester (GWAPT) Certification Training Course Overview

This certification course validates the practitioner's ability to secure organizations through penetration testing and a thorough understanding of web application security issues. GWAPT certification holders have demonstrated knowledge of web application exploits and penetration testing methodology.

The following topics are the main focus of this training:

  • Overview of web applications, authentication attacks, and configuration testing
  • Web application session management, SQL injection attacks, and testing tools
  • Cross-site request forgery and cross-site scripting, client injection attacks, reconnaissance and mapping


  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects

GIAC Web Application Penetration Tester (GWAPT) Course schedule & Prices

Course Details Schedule
Live Virtual Classroom (Instructor-Led)
Duration : 5 Days (10 Days for 4 Hours/Day)
Fee : 1,500 (Includes Taxes) 
9 AM - 5 PM (Flexible Time Slots for 4 hours option)

Client's Location
As per mutual convenience
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request


Course Prerequisites

  • Basic working knowledge of the Linux command line.

On completion of this course, you will be able to accomplish the following:

  • Apply OWASP's methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.
  • Analyse the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
  • Manually discover key web application flaws.
  • Use Python to create testing and exploitation scripts during a penetration test.
  • Discover and exploit SQL injection flaws.
  • Understand and exploit insecure deserialization vulnerabilities with ysoserial and similar tools.
  • Create, configure, and test payloads within other web attacks.
  • Fuzz potential inputs for injection attacks.
  • Explain the impact of exploiting web application flaws.
  • Analyse the traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite Pro to find security issues within the client-side application code.
  • Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks.
  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.