Professional Web & Mobile Penetration Testing Offline Course

Learn Cybersecurity with 40+ hours of hands-on training

Total 40 Hours

Weekly 2 Classes

2 Months

Basic to Advanced

Course Highlights

Our course offers a comprehensive and practical approach to web and mobile penetration testing. Here are the key features:

Focused Classes:: Interactive sessions led by experienced instructors, providing real-time troubleshooting and guidance.

Hands-on Labs: Practice live hacking simulations, solve CTF challenges, and gain real-world experience using tools like Burp Suite, Kali Linux, and OWASP ZAP.

Comprehensive Report Writing: Develop the skills to create professional reports for both web and mobile penetration testing. Learn to document identified vulnerabilities, assess risks, and provide actionable recommendations in a structured format suitable for technical teams and non-technical stakeholders alike..

Who Can Enroll?

Why Choose Us?

Course Modules

Web Penetration Testing

Module 1: Fundamental Knowledge For Web Pentest

HTTP, SSL, Web Headers, Web Coding Basic, Server, Databases, HTTP Request, HTTP Response

Module 2: Recon / Information Gathering

Introduction to Recon / Information Gathering

  • Google Dorking, Github Dorking, DNS Lookup, Scanning, Enumeration, Shodan Nmap, nslookup, censys, ssl checker, subzy, wappalyzer, bash scripts for advanced recon

Module 3: Web Vulnerabilities Pentesting (OWASP)

Understand encryption techniques to secure data.

  • HTTP Host Header Attack
  • SQL Injection Attack
  • Advanced SQL Injection Attack for Web Pentesting
  • XSS Attack
  • Advanced XSS Attack for Web Pentesting
  • Local File Inclusion, Remote File Inclusion, RCE Using LFI
  • XXE Attack
  • Command Injection
  • Server Side Request Forgery (SSRF)
  • Business Logic Vulnerabilities For Penetration Testing
  • Information Disclosures For Penetration Testing

Module 4:Attacking Common Applications

Learn how to Attacking Common Applications

  • WordPress CMS Penetration testing
  • Joomla CMS Penetration testing
  • Drupal CMS Penetration testing
  • Tomcat, Jenkins Penetration testing

Module 5: CVE and Pentesting

Learn how to CVE and Pentesting

  • What is CVE?
  • How to Pentest a Website Using CVE?

Module 6: Automation Tools for Web Pentesting

Learn how to hide data securely using steganographic methods.

  • What are Automation Tools?
  • List of Automation Tools for Web Pentesting
  • Advanced use of Burp Suite Professional

Web Exam

  • Practical Web application penetration testing examination 4 days (Findings 3 days and reporting 1 day)

Mobile application penetration testing

Module 1: Introduction and Resources

  • Introduction
  • Resources
  • Mobile Pentesting Certifications
  • Device Requirements
  • Mobile Application Penetration Testing Process

Module 2: Android Architecture

Learn how to hide data securely using steganographic methods.

  • Android Security Architecture
  • Application Security and Signing Process

Module 3: Android Lab Setup

  • Tools: JADX-GUI, adb, apktool, Android Studio, PimpMyKali (kali), Brew (Mac), MobSF
  • Emulator Setup & Recommendations (All Platforms)
  • Physical Device Setup

Module 4: Android Static Analysis

  • Pulling an APK From the Google Play Store
  • Intro to Injured Android
  • Android Manifest.xml
  • Manual Static Analysis
  • Injured Android Static Analysis
  • Enumerating Firebase Databases
  • Static Analysis using MobSF

Module 5: Android Dynamic Analysis

  • Intro to SSL Pinning/Dynamic Analysis
  • Dynamic Analysis using MobSF
  • Burp Suite setup
  • Proxyman setup and Usage
  • Frida and drozer setup and usage

Module 6: iOS Introduction and Architecture

  • Intro to iOS

Module 7: iOS Lab Setup

  • xCode Setup/Install
  • Using xCode
  • Developer License Setup
  • AnyTrans (Pull IPA from App Store)
  • IPATool (Pull IPA from App Store - Updated)
  • Additional Emulator Options iOS

Module 8: iOS Static Analysis

  • Manual Static Analysis
  • Automated Analysis with MobSF

Module 9: iOS Dynamic Analysis/Jailbreaking

  • Burp Suite Setup & Usage
  • Proxyman - iOS
  • SSL Pinning iOS
  • Using Objection for iOS
  • Jailbreaking
  • Burp Mobile Assistant
  • SSL Killswitch
  • Jailbreaking iOS 15.x-16.x
  • SSL Killswitch iOS 15.x-16.x
  • Traffic Interception iOS 15.x-16.x

Mobile Exam

  • Practical Mobile Application (Android and iOS) penetration testing examination 7 days (Findings 5 days and reporting 1 day)

Bonus Module: Report Writing

  • Technical Proposal
  • Non-disclosure agreement (NDA)
  • Data Requirement List (DRL)
  • Professional Report writing methodology
  • Making Checklist

Meet Our Mentors

Mentor 1

Md Foysal Hossain

CEH | ISO 27001 LA & LI | CAP | CNSP
Consultant: Red Team Assessment, EY
Security Researcher and Bug Hunter, Intigriti
Chairman and Founder: Infosec BD

Mentor 2

Md Asadujjaman Noor

CEH | C)PTE
Champion Cyber Crawler CTF IIT-DU 🏆
Runner-Up University Cyber Drill 2022
BGD e-GOV CIRT

Ready to Begin Your Cybersecurity Journey?

Book Now