Application Penetration Testing Training

Learn how to hack modern web apps



Looking to improve your application security testing skills? Or are you planning to sit your CREST Certified Tester (Applications) exam? Our three day intensive application penetration testing training course is aligned to the CCT practical syllabus and comes with access to 4ARMED’s exclusive and comprehensive lab environment.

Our hands-on exercises will put you through your paces and enable you to practice the skills you have been taught and to prepare for the demands of the CCT practical exam.

Course Contents

  • Introduction
  • The World Wide Web 101
  • Enumeration
  • Authentication and Session Management
  • Access Control and Cross-Site Request Forgery
  • Cross-Site Scripting
  • SQL Injection
  • XML External Entities
  • Remote Code Execution
  • SSL/TLS Misconfiguration
  • Real World Security Flaws
  • Capture The Flag Exercise

Online Lab Environment

We have over seventy different practical exercises which you can attempt during the training, covering all the topics listed in the syllabus.

Our labs incorporate numerous technologies including Java, Python, Go, Ruby on Rails, Node.js, ASP.NET, PHP, Microsoft SQL Server, PostgreSQL and MySQL with more being added regularly.

Extended access post-course via the Internet can be arranged at a small additional cost.

Who Should Attend?

This course is aimed at application penetration testers who are looking to gain their CCT App qualification. It covers over 90% of the practical elements of the CCT App syllabus and is designed to consolidate existing knowledge, cover any gaps you may have and provide ample opportunity to practice the hands-on skills with our exclusive, custom-built lab environment.

If you are more junior this course can easily be slowed down and tailored to your requirements. We often deliver this training with an extra day so we can dig into the topics in even greater detail and spend more time on the labs. Ask us!


There are minimal equipment requirements for this course.

  • Laptop computer with Internet access
  • Intercepting Proxy installed and working (Burp Suite Professional recommended)
  • Python and Ruby are highly recommended also

Next Steps

Want to discuss your requirements further? Wondering whether Application Penetration Testing Training is right for your business? There's an easy way to find out, give us a call or complete this handy contact form to tell us where you're at and we will work with you to find the best solution for you.
+44 (0)203 475 2443
4ARMED Limited
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England