Education is the most powerful weapon used to change the world

Having trained thousands of students on the art of network and application exploitation for the past decade, it's safe to say we enjoy teaching others how to own networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.



This hands-on course teaches the student the fundamentals of how applications are built and where vulnerabilities are introduced in the development process. Designed for those new to penetration testing, network administrators or who want to understand more about offensive testing by breaking into various networks and applications, this course follows both the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS).

Course outline

Know your enemy – reconnaissance, enumeration and landscape discovery.

There’s a web application for most parts of our Internet lives and to a degree, our daily lives. With this large surface area, there’s no doubt that they are often the entry point for most breaches. If you look at some of the biggest hacks in the last 18 months, the compromises can be largely attributed to flaws in web applications.

The course focuses on the fundamentals rather than how to use specific tools. It introduces you, the student, to our hacking methodology refined over thousands of assessment conducted over the last 14 years.

SensePost Training Portal

We've developed a training portal for students to interact with the trainers, keep updated on content and also download all files, slides and tools delivered during the course. This portal is made available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPN's and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.

Breaking bad – the application series

SQLi/XML/XPath/LDAP/RFI/DOM, this industry loves acronyms. From the start we cut through the acronym soup and start serving up plain and simple approaches to understand how applications are built and where vulnerabilities are introduced. This is hands on learning, not just listening.

It's imporant to align with Industry Standards, and this course follows both the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS)

Burp Suite Training Partner

A good testing tool is paramount to ensuring an application assessment delivers the results. At SensePost, we've been fans of Burp Suite for years, using it on all of our assessments. As a Burp Suite Training partner, this course will include a 30 day version of the Pro version so that students attending this course learn how to get the best out of the suite and discover web application flaws efficiently.


If you wish to have training, please get in touch with our sales team to discuss further.