Tried, Tested and Proven



Description of the Course

This course is designed to offer an introduction into performing an application penetration test.

The course will cover the basics and initial steps of application penetration testing with a focus on finding the most common vulnerabilities such as Cross Site Scripting (XSS) and SQL injection.

The course will also provide further reading material which can be used as preparation for further courses such as the “application penetration testing – intermediate” course.

This is a two day course.

Delegate Requirements

Minimum Skills Needed

To join this course, the participant is expected to have the following knowledge / skills / experience:

An understanding of why penetration tests are performed;

An understanding of relevant UK laws and their impact on penetration testing, inc. Computer Misuse Act 1990, Human Rights Act 1998, Data Protection Act 1998, Police and Justice Act 2006;

A good knowledge and experience of using HTML;

Some knowledge and previous experience of using JavaScript;

Functional knowledge of the HTTP protocol;

Basic knowledge of application architecture and design.

 A background in development is not a requirement, but may be advantageous. If there is concern over a potential candidate’s suitability, we can arrange a discussion with the course leader to assess this.


As part of the course delivery, participants will need to access a purpose built test environment, in which techniques can be practiced. Therefore, participants will require:

Laptop with local administrator access and permission to load 3rd party software onto it. Hire laptops available on request for an additional fee;

A bootable image will be provided as part of the course materials and can be used as the operating system for the duration of the course. Candidates may also use their own preferred build.


What will be covered in the course (overview):

Purposes of application penetration testing;
Finding common application vulnerabilities including Cross Site Scripting (XSS), SQL injection;
Introduction to exploiting SQL injection.

 What will be covered in the course (specifics):

Finding reflective and stored XSS;
Finding SQL injection;
Simple SQL injection exploitation;
Header injection;





Cost (per participant)

Application penetration testing Beginner 2 £1,200