Education is the most powerful weapon which you can use to change the world

Having trained thousands of students on the art of network and application exploitation for the past decade, it's safe to say we enjoy teaching others how to own networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.


We love owning the application layer and this course reflects that. We want to take students on a path of obtaining offensive security knowledge in the application realm. This course is meant for those who are new to penetration testing, network administrators or indeed anyone who wants to understand more about offensive testing and get their hands dirty breaking into various networks and applications.

Course outline

Know your enemy – reconnaissance, enumeration and landscape discovery.

There’s a web application for most parts of our Internet lives and to a degree, our daily lives. With this large surface area, there’s no doubt that they are often the entry point for most breaches. If you look at some of the biggest hacks in the last 18 months, the compromises can be largely attributed to flaws in web applications.

The course focuses on the fundamentals rather than how to use specific tools. It introduces you, the student, to our hacking methodology refined over thousands of assessment conducted over the last 14 years.

SensePost Training Portal

We've developed a training portal for students to interact with the trainers, keep updated on content and also download all files, slides and tools delivered during the course. This portal is made available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPN's and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.

Breaking bad – the application series

SQLi/XML/XPath/LDAP/RFI/DOM, this industry loves acronyms. From the start we cut through the acronym soup and start serving up plain and simple approaches to understand how applications are built and where vulnerabilities are introduced. This is hands on learning, not just listening.

It's imporant to align with Industry Standards, and this course follows both the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS)

Burp Suite Training Partner

A good testing tool is paramount to ensuring an application assessment delivers the results. At SensePost, we've been fans of Burp Suite for years, using it on all of our assessments. As a Burp Suite Training partner, this course will include a 30 day version of the Pro version so that students attending this course learn how to get the best out of the suite and discover web application flaws efficiently.

Location & Time

Will be discussed

Our courses are delivered publicly by our training partner Blackhat. For further information on the next public course, please visit If you wish to have In-house training, please get in touch with our sales team to discuss further.