Web Penetration Testing

Date: TBA

Duration: 8 Days

Course Overview

Web applications are highly common in our world, and extremely popular by hackers as an entry point to organisations. Many times, those applications (and the data behind them) are actually the main target. Unfortunately, many of these systems contain security loopholes and are highly vulnerable.

Participants will practice finding exploits and harmful web applications as these are one of the first steps any attackers will carry out. In addition, as one of the most common and popular services inside networks, successfully defending all of them is highly demanding.

Learning how to penetrate web apps and how attackers use them as part of their operations will give analysts a significant advantage in defending organisations and investigating potential attacks.

This module is part of Higher Certificate of Cyber Security (Intermediate).

Learning Outcomes

With practical experience in web attacks and a good understanding of webshell and authentication bypass, a cybersecurity analyst will be able to investigate suspicious activities in the organisation’s web services (or by using external web services), evaluate the level of security of the organisation’s web apps, look for security breaches (red team) and suggest possible solutions.

The course enables learners to:

  • Learn basic web programming
  • Gain practical experience with web attacks such as SQL injection, website code injection, XSS, CSRF
  • Obtain a good understanding of webshell and authentication bypass


  • Web development refreshment – HTML, PHP, SQL, JS
  • SQL injection
  • Website code injection
  • SSI injection
  • Shell injection
  • SSRF
  • Directory traversal
  • Web shell
  • Authentication bypass
  • Cross-site Scripting/Request Forgery (XSS/CSRF)

Who Should Attend

  • Cyber Security Analyst
  • Junior Web Developer


  • Python programming experience
  • Linux experience
  • Familiarity with HTML, PHP, SQL, Javascript

Course Highlight

This course provides significant hands-on experience with real life case studies. Techniques and tools taught are immediately useful in your day-to-day work.

Training Roadmap

Course Conveners

(Click their photos to view their short biographies)

eeeee Dvir Chikvashvili

Mr Dvir CHIKVASHVILIMr Dvir Chikvashvili

eeeee Gur Sharon

Mr Gur SHARONMr Gur Sharon

eeeee Rony Munitz

Mr Rony MUNITZMr Rony Munitz

eeeee Ron Suhodrev

Mr Ron SuhodrevMr Ron Suhodrev

eeeee Zhuang Weiliang

Mr ZHUANG WeiliangMr Zhuang Weiliang

Insight from Instructor

“Given the increasing prevalence of technology in our lives, web applications-based attacks are becoming more common. As a red teamer, it is quintessential to have web penetration testing experience.

A skilled web penster can help the organization to take responsibility to its own web applications and services by evaluating the defense level of those apps. Finding potential vulnerabilities will allow the developers and IT department to fix those security holes and raise the security level.”

Rony Munitz

Course Fees

Singapore Citizens
39 years old or younger
40 years old or older
Singapore PRs
Enhanced Training Support for SMEs
International Participants

Total Nett Programme Fee Payable, Including GST, after additional funding from the various funding schemes

Participants must fulfill at least 75% attendance and pass all assessment components to be eligible for SSG funding.

To enquire, please email soc-ace@nus.edu.sg

To register, click Register

Select Short Course / Modular Course -> Apply for Myself -> Browse Academic Modules / Short Courses-> Module/Course Category -> Short Courses -> Browse Courses-> Advanced Computing for Exe (Faculty/Department / Unit)

Please download the user guide for NUS Online Application Portal after you click ‘Apply for Myself’ if you need assistance.

Course Fee Breakdown

Singapore Citizens

Singapore Citizens

39 years old or younger

Singapore Citizen

40 years old or older
Singapore PRs
Enhanced Training Support for SMEs
International Participants