GIAC Web Application Penetration Tester (GWAPT)

Pen Tester Overview

This certification course validates the practitioner's ability to secure organizations effectively through penetration testing and a thorough understanding of web application security issues. GWAPT certification holders have demonstrated knowledge of web application exploits and penetration testing methodology.

The following topics are the main focus of this training:

  • Overview of web applications, authentication attacks, and configuration testing
  • Web application session management, SQL injection attacks, and testing tools
  • Cross-site request forgery and cross-site scripting, client injection attacks, reconnaissance and mapping


  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects

GIAC Course Schedule & Prices

Course Details Schedule
Live Virtual Classroom (Instructor-Led)
Duration : 5 Days (10 Days for 4 Hours/Day)
Fee : 1,500 (Includes Taxes) 
9 AM - 5 PM (Flexible Time Slots for 4 hours option)

Client's Location
As per mutual convenience
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request
Special Solutions for Corporate Clients.

Course Prerequisites

  • Basic working knowledge of the Linux command line.

On completion of this course, you will be able to accomplish the following:

  • Apply OWASP's methodology to your web application penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.
  • Analyse the results from automated web testing tools to validate findings, determine their business impact, and eliminate false positives.
  • Manually discover key web application flaws.
  • Use Python to create testing and exploitation scripts during a penetration test.
  • Discover and exploit SQL injection flaws.
  • Understand and exploit insecure deserialization vulnerabilities with ysoserial and similar tools.
  • Create, configure, and test payloads within other web attacks.
  • Fuzz potential inputs for injection attacks.
  • Explain the impact of exploitation of web application flaws.
  • Analyse the traffic between the client and the server application using tools such as the Zed Attack Proxy and Burp Suite Pro to find security issues within the client-side application code.
  • Manually discover and exploit Cross-Site Request Forgery (CSRF) attacks.
  • Use the Browser Exploitation Framework (BeEF) to hook victim browsers, attack client software and the network, and evaluate the potential impact that XSS flaws have within an application.