

Course Information

Course Name
WAHS: Web Application Hacking and Security

Exam code
WAHS
Certification
Overview
EC-Council’s Web Application Hacking and Security is a specialization certification that enables you to play, learn, hack, test, and secure web applications from existing and emerging security threats in the industry verticals.
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CIPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.
Web Application Hacking and Security is like a Capture-The-Flag (CTF) competitions meant to test your hacking skills. But you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems or follow the instructor as they do a walkthrough to help you learn Web Application Hacking and Security.
Watch your name rise on the leader board, a place where you’ll see who’scracking the most challenges, who’s making the most progress, who’s cranking out the h@ck$!

What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard validity period of 30 days from the day user activates exam dashboard
Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. Web Application Hacking and Security Exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour performance based, hands-on exam.
The exam focuses on candidates’ proficiency in performing a web application security assessment in real life stressful scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!
Audience Profile
If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.
Average Salary and Career Outlook
Penetration tester salaries range from $57,000 to $134,000, depending on the IT security analyst’s experience level. Salary ranges are determined by various factors, including educational qualifications, certifications, and expertise in the field. An application security analyst assesses application security, and other software is reviewed to determine how data may be made safer.
Prerequisites
It is recommended to have:
- Good understanding of web application working
- Basic working knowledge of the Linux command line
- Basic knowledge of OSes and file systems
- Basic knowledge of Bash and/or Python scripting
Host System Requirement
Minimum Hardware Requirements for the Host OS:
- CPU: Intel i3(3.6 GHz per core) 64-bit/AMD Ryzen 3(3.6 GHz per core)
- RAM: 8 GB
- HDD: 60 GB available space
- Peripherals: External or Integrated Webcam
Software Requirements for the Host OS:
- Operating system: Windows 8.1 x64 or later/ MAC OSX
- Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox
- Browser: Any modern browser such as Chrome, Firefox, Internet Explorer
- Internet: A stable Internet connection with a minimum of 5mbps Download and 1mbps Upload speeds. It is recommended to use hard-wired connection instead of wireless.
Virtual Machine Resource Requirement
Your virtual machine should be able to run penetration testing Linux distribution such as Parrot Security/Kali Linux or your own penetration testing toolkit.
VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.
At Course Completion
- Advanced Web Application Penetration Testing
- Advanced SQL Injection (SQLI)
- Reflected, Stored and DOM-based Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF) – GET and POST Methods
- Server-Side Request Forgery (SSRF)
- Security Misconfigurations
- Directory Browsing/Bruteforcing
- Network Scanning
- Auth Bypass
- Web App Enumeration
- Dictionary Attack
- Insecure Direct Object Reference Prevention
- (IDOR)
- Broken Access Control
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Arbitrary File Download
- Arbitrary File Upload
- Arbitrary File Upload
- Using Components with Known Vulnerabilities
- Command Injection
- Remote Code Execution
- File Tampering
- Privilege Escalation
- Log Poisoning
- Weak SSL Ciphers
- Cookie Modification
- Source Code Analysis
- HTTP Header modification
- Session Fixation
- Clickjacking
Course Outline
Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you. – But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more. In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.
Overview
Overview
EC-Council’s Web Application Hacking and Security is a specialization certification that enables you to play, learn, hack, test, and secure web applications from existing and emerging security threats in the industry verticals.
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CIPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.
Web Application Hacking and Security is like a Capture-The-Flag (CTF) competitions meant to test your hacking skills. But you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems or follow the instructor as they do a walkthrough to help you learn Web Application Hacking and Security.
Watch your name rise on the leader board, a place where you’ll see who’scracking the most challenges, who’s making the most progress, who’s cranking out the h@ck$!

What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard validity period of 30 days from the day user activates exam dashboard
Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. Web Application Hacking and Security Exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour performance based, hands-on exam.
The exam focuses on candidates’ proficiency in performing a web application security assessment in real life stressful scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!
Audience Profile
Audience Profile
If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.
Average Salary and Career Outlook
Penetration tester salaries range from $57,000 to $134,000, depending on the IT security analyst’s experience level. Salary ranges are determined by various factors, including educational qualifications, certifications, and expertise in the field. An application security analyst assesses application security, and other software is reviewed to determine how data may be made safer.
Prerequisities
Prerequisites
It is recommended to have:
- Good understanding of web application working
- Basic working knowledge of the Linux command line
- Basic knowledge of OSes and file systems
- Basic knowledge of Bash and/or Python scripting
Host System Requirement
Minimum Hardware Requirements for the Host OS:
- CPU: Intel i3(3.6 GHz per core) 64-bit/AMD Ryzen 3(3.6 GHz per core)
- RAM: 8 GB
- HDD: 60 GB available space
- Peripherals: External or Integrated Webcam
Software Requirements for the Host OS:
- Operating system: Windows 8.1 x64 or later/ MAC OSX
- Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox
- Browser: Any modern browser such as Chrome, Firefox, Internet Explorer
- Internet: A stable Internet connection with a minimum of 5mbps Download and 1mbps Upload speeds. It is recommended to use hard-wired connection instead of wireless.
Virtual Machine Resource Requirement
Your virtual machine should be able to run penetration testing Linux distribution such as Parrot Security/Kali Linux or your own penetration testing toolkit.
VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.
At Course Completion
At Course Completion
- Advanced Web Application Penetration Testing
- Advanced SQL Injection (SQLI)
- Reflected, Stored and DOM-based Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF) – GET and POST Methods
- Server-Side Request Forgery (SSRF)
- Security Misconfigurations
- Directory Browsing/Bruteforcing
- Network Scanning
- Auth Bypass
- Web App Enumeration
- Dictionary Attack
- Insecure Direct Object Reference Prevention
- (IDOR)
- Broken Access Control
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Arbitrary File Download
- Arbitrary File Upload
- Arbitrary File Upload
- Using Components with Known Vulnerabilities
- Command Injection
- Remote Code Execution
- File Tampering
- Privilege Escalation
- Log Poisoning
- Weak SSL Ciphers
- Cookie Modification
- Source Code Analysis
- HTTP Header modification
- Session Fixation
- Clickjacking
Course Outline
Course Outline
Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you. – But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more. In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.
