On This Page

0x7DF Web Application Bootcamp - Journeyman Level

SensePost | August 1-2


This two-day course has enough theory to ensure you understand what you are trying to achieve, but with a heavy focus on practical exercises. Students should expect lots of hands-on hacking with some of the finest hackers in the industry!


  • The fundamentals - setting the foundation. Testing basics, tools of the trade, HTTP, and related technology introduction.
  • Know your enemy - reconnaissance, enumeration, and landscape discovery.
  • Breaking bad - the application series:
    • SQL injection on various platforms - how to really pwn databases
    • XML and XML entity injection
    • XPath and LDap injection
    • Cross-site scripting (reflective, persistent, and DOM based) - this is not the pop-up you are interested in
    • Attacking web services (XML, JSON)
    • Client side technologies such as Flash, Silverlight, and ActiveX

Who Should Take this Course

This course is ideally suited to those wishing to learn how to test web applications for vulnerabilities or to those experienced infrastructure pentesters that want to expand their skill set into web applications. This course is about tearing apart applications and understanding how attackers are breaching corporate deployments.

Student Requirements

Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. This includes basic Linux operating system knowledge, a basic understanding of web applications, and networking fundamentals.

What Students Should Bring

  • Laptop with at least 4GB RAM and 20 GB free space
  • Working USB port

What Students Will Be Provided With

All course materials, code, and tools will be supplied.


All SensePost trainers are active penetration testers who own networks, applications, mobiles and humans on a daily basis.