SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Major updates
SEC542: Web App Penetration Testing and Ethical Hacking
SEC542Offensive Operations
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course authored by:
Eric Conrad, Timothy McKenzie & Bojan Zdrnja
Course authored by:Eric Conrad, Timothy McKenzie & Bojan Zdrnja
- GIAC Web Application Penetration Tester (GWAPT)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 35 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Build real-world web app offensive skills with a hands-on, repeatable process for finding, exploiting, and clearly proving the vulnerabilities that matter.
Featured Quote
This course was especially valuable to me because it bridged the gap between theory and practical application. The hands-on labs, in particular, stood out; they closely simulated real-world scenarios and helped me build confidence in applying the techniques during actual penetration testing engagements at work.
Course Overview
If an organization does not properly test and secure its web applications, adversaries can compromise critical systems, steal data, disrupt operations, and trigger regulatory fallout. Many still rely only on vulnerability scanners and assume these tools will reliably uncover real-world flaws.
SEC542 shows you how to move beyond push-button tools and perform focused, high-value web application penetration tests. You will learn a repeatable methodology to assess both Internet-facing and internal business applications that support sensitive workflows and data.
What You’ll Learn
- Apply a structured OWASP-based web app testing methodology
- Map and probe web apps and APIs with modern tooling
- Exploit critical flaws, including injection, XSS, CSRF, SSRF, XXE, SSTI
- Chain smaller issues into remote code execution and data theft
- Automate testing with Python, Requests/httpx, and custom scripts
- Use Burp Suite, ZAP, ffuf, sqlmap, BeEF, and Metasploit effectively
- Assess authentication and access control, including bypass and privilege escalation
Business Takeaways
- Build a repeatable, defensible web application testing process
- Go beyond scanners to uncover real, exploitable attack paths
- Communicate technical findings clearly in business and risk terms
- Provide developers with focused, actionable remediation guidance
- Strengthen monitoring by recognizing logging and detection gaps
- Deliver professional reports, executive summaries, and debriefs for stakeholders
- Demonstrate how web app security supports overall organizational defense
Meet Your Authors
- Slide 1 of 3
Eric Conrad
FellowEric Conrad, a SANS Faculty Fellow and course author, has 28 years of information security experience. Eric is the CTO of Backshore Communications and his specialties include Intrusion Detection, Threat Hunting, and Penetration Testing.
Read more about Eric Conrad - Slide 2 of 3
Timothy McKenzie
Principal InstructorTimothy McKenzie redefined offensive security through decades of Red and Purple Team operations, advancing the industry’s threat simulation standards and influencing thousands of cybersecurity professionals with his adversary emulation strategies.
Read more about Timothy McKenzie - Slide 3 of 3
Bojan Zdrnja
Certified InstructorBojan Zdrnja is a globally respected cybersecurity expert and CTO at INFIGO IS, renowned for his leadership in offensive security, red teaming, and his extensive contributions to the SANS Internet Storm Center and European cybersecurity initiatives.
Read more about Bojan Zdrnja
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC542: Web App Penetration Testing and Ethical Hacking.
Section 1Introduction and Information Gathering
This first section of the web application penetration testing course covers essential techniques such as interception proxies, HTTP basics, information gathering, virtual host discovery, target profiling, HTTPS testing, and content spidering. Labs include configuring Burp Suite and conducting thorough assessments.
Topics covered
- Web application penetration testing methodologies
- Interception Proxies
- HTTP basics: protocols, requests and responses
- Virtual host discovery, spidering, and target profiling
- Security testing fundamentals
Labs
- Setting up Burp Suite for intercepting web traffic
- Hands-on experience with HTTP basics
- Techniques to identify additional hosts on a server
- Analyzing configurations and weak ciphers
- Using tools to discover and map out web application content
Section 2Fuzzing, Scanning, APIs, and Authentication
Section 2 focuses on advanced web application security techniques, including fuzzing for vulnerability detection, information leakage analysis, and using Nuclei and Burp Suite Pro scanners. It also covers forced browsing for content discovery, API exploitation, various authentication methods, and federated identity protocols.
Topics covered
- Master techniques like fuzzing and information leakage detection
- Utilize advanced scanning tools like Burp Suite Pro
- Use forced browsing to find unlinked content
- Identify and exploit API vulnerabilities using tools like Bruno
- Federated Identity and Access Protocols
Labs
- Gain experience with fuzzing techniques
- Explore configuration options for dynamic vulnerability scanning
- Learn how forced browsing complements crawling/spidering
- Interact directly with APIs using Bruno/OpenAPI
- Explore Flask session cookies and JSON Web Tokens (JWT)
Section 3Identity, AuthN/AuthZ Bypass, and Client-Side Attacks
This section moves from username harvesting and blind password spraying through session management and authentication and authorization bypass, then into stored, reflected, and DOM-based XSS, payload construction, data exfiltration, and browser exploitation using tools such as Burp Suite, ffuf, DOM Invader, and BeEF.
Topics covered
- Username Harvesting
- Session management and token randomness analysis
- Authentication and authorization bypass
- Cross-Site Scripting overview and impacts
- Client-side testing, DOM, AJAX, browser developer tools
Labs
- Use ffuf to test for valid usernames
- Perform blind username harvesting and password spraying
- Use Burp Sequencer to analyze session tokens
- Enumerate accounts and exploit authentication bypass
- Discover and exploit stored, reflected, and DOM-based XSS
Section 4Prototype Pollution, Database and Command Injection, SSRF, and XXE
Students progress from prototype pollution and database injection (SQL and NoSQL) through command injection, SSRF, and XML external entities, learning to move from input-level flaws to full data access and system impact using tools like Burp Suite and sqlmap.
Topics covered
- Prototype pollution and abuse of JavaScript's inheritance model
- SQL and NoSQL injection techniques, categories, and impact
- Database injection tooling and automation with Burp Suite
- Command injection and Collaborator-based probing
- SSRF and XXE attacks
Labs
- Use Burp to find and exploit prototype pollution
- Manually discover and exploit error-based SQLi and NoSQLi
- Combine sqlmap and Burp Suite to exploit SQLi
- Perform inline and blind command injection, use Burp Collaborator
- Identify and exploit SSRF and XXE exploring deep impact exploits
Section 5CSRF, Serialization, SSTI, and Advanced Tools
This section advances from insecure deserialization, file inclusion, Python automation, SSTI, CSRF, and file upload exploitation to Metasploit-driven post-exploitation and the business side of penetration testing, tying technical attacks to logging, logic flaws, LLM risk, and reporting.
Topics covered
- File inclusion and insecure deserialization
- Python scripting and pickling for automating web app testing
- Server-side template injection
- Security logging and monitoring failures
- Metasploit Framework usage
Labs
- Chain Java deserialization, information leakage, and file inclusion
- Write Python scripts using Requests and httpx
- Find vulnerabilities, discover new API paths, and achieve remote code execution
- Discover and exploit SSTI and CSRF by auditing with Burp or ZAP
- Explore file upload to deploy a web shell for remote code execution
Section 6Capture the Flag
During section six, students compete in teams in the ranges.io platform, a powered web application penetration testing tournament. This Capture-the-Flag exercise lets them wield new or sharpened skills to answer questions, complete missions, exfiltrate data, and tackle progressive challenges with hints that support all skill levels and reinforce learning.
Things You Need To Know
Relevant Job Roles
Vulnerability Assessment
SCyWF: Protection And DefenseThis role tests IT systems and networks and assesses their threats and vulnerabilities. Find the SANS courses that map to the Vulnerability Assessment SCyWF Work Role.
Explore learning pathSoftware Security Assessment (OPM 622)
NICE: Design and DevelopmentResponsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.
Explore learning pathSecure Systems Development (OPM 631)
NICE: Design and DevelopmentResponsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Explore learning pathVulnerability Analysis (OPM 541)
NICE: Protection and DefenseResponsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Explore learning pathExploitation Analyst (DCWF 121)
DoD 8140: Cyber EffectsCollaborates to identify access and collection gaps using cyber resources and techniques to penetrate target networks and support mission operations.
Explore learning pathApplication Pen Tester
Offensive OperationsApplication penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.
Explore learning pathCyber Operations Planner (DCWF 332)
DoD 8140: Cyber EffectsCoordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.
Explore learning pathSecure Software Development (OPM 621)
NICE: Design and DevelopmentResponsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course priceS$11,390 SGD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
- Date & TimeFetching schedule..Course price¥1,335,000 JPY*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price€8,230 EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
Showing 10 of 12
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3This course taught me to truly focus on the methodology while performing a pen test. During the Capture the Flag event, I realized how much time can be wasted if you fail to respect your methodology.
- Slide 2 of 3As a developer, SEC542 is exactly the kind of course I needed. It showed us what the bad guys look for, which helps protect our software.
- Slide 3 of 3SEC542 provides rapid exposure to a variety of tools and techniques invaluable to recon on target site.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources