Hacktify Certified Pentester – HCPT

About the Certification

Our "Hacktify Certified Pentester" Certification is a comprehensive program meticulously crafted to empower you with the skills and knowledge necessary for the critical task of assessing and securing web applications. In today's increasingly digital landscape, the security of web applications is more crucial than ever. This certification offers a well-structured and hands-on approach to help you not only comprehend the wide array of web application security risks but also to master the methodologies required to effectively mitigate them. As cyber threats continue to evolve, the demand for individuals proficient in web application security is at an all-time high. By the end of this certification, you'll have the competence and confidence to safeguard web applications against vulnerabilities and potential security threats, ensuring their robust protection in an ever-changing digital world. Join us and become a skilled web application security professional who can confidently address the challenges of today's cyber landscape.

What will you learn?

"In this comprehensive Certification, you will master the art of web application security. Covering 18 modules, you'll gain expertise in penetration testing fundamentals, authentication bypass, XSS vulnerabilities, rate limiting, CSRF attacks, and more. Learn to identify and mitigate security risks, including SQL injection, SSRF, and subdomain takeovers. Discover top bug bounty platforms and develop the skills needed to assess and secure web applications. This Certification empowers you to protect digital assets in an ever-evolving digital landscape."

  • Introduction
  • Penetration Testing Fundamentals
  • Authentication Bypass
  • Cross Site Scripting
  • Rate Limiting
  • CSRF
  • Open Redirect
  • Cross Origin Resource Sharing Attacks
  • Click Jacking Attacks
  • HTML Injection Attacks
  • Broken Link Hijacking
  • Session related Issues
  • SQL Injection Attacks
  • Server Side Request Forgery
  • Local File Inclusion
  • Remote Code Execution
  • Subdomain Takeovers
  • Bug Bounty RoadMap
  • Capstone Project

Module 01

Introduction | 02 Hours

  • Types of Hackers
  • Introduction to VAPT
  • VAPT vs Bug Bounties
  • Some Basic Terminologies
  • Setting Up your Hacking environment

Module 02

Penetration Testing Fundamentals | 02 Hours

  • OWASP Top 10
  • OWASP 2013 vs 2017 vs 2021
  • Mitre Framework
  • Top 10 Rules for Bug Bounties
  • CVSS Framework

Module 03

Authentication Bypass | 04 Hours

  • OTP Bypass
  • Captcha Bypass
  • Response Manipulation
  • Status code manipulation
  • OTP Code leakage
  • JS File Analysis
  • 2FA Code Reusability
  • Lack of Bruteforce Protection
  • Missing 2FA code integrity validation
  • Password Reset Disable 2FA
  • Backup Code Abuse
  • Clickjacking disables 2FA
  • Enabling 2FA doesn’t expire previous sessions
  • Bypass 2FA with null or 00000
  • Mitigations

Module 04

Cross Site Scripting | 04 Hours

  • Reflected XSS
  • Stored XSS
  • Blind XSS
  • Post based XSS
  • Post Message
  • Mitigations

Module 05

Rate Limiting | 02 Hours

  • No Rate Limiting
  • Rate Limit Bypass using headers
  • Rate Limit Bypass using special Characters
  • Race Conditions
  • Mitigations

Module 06

CSRF | 02 Hours

  • CSRF Attacks
  • CSRF to Account Takeover
  • CSRF to Account Delete
  • CSRF Bypass Techniques
  • Mitigations

Module 07

Open Redirect | 02 Hours

  • Open Redirect Attack
  • Open Redirect DOM Based Attacks
  • Open Redirect Bypasses
  • Mitigations

Module 08

Cross Origin Resource Sharing Attacks | 02 Hours

  • CORS Attacks via CURL
  • CORS Attacks via Burpsuite
  • CORS Attacks Suffix match
  • CORS Attacks Prefix Match
  • CORS Attacks Not escape dot
  • CORS Attacks Substring Match
  • CORS Attacks Trust Null
  • CORS Attacks Mitigations

Module 09

Click Jacking Attacks | 02 Hours

  • X-Frame Options
  • iFrames
  • Mitigations

Module 10

HTML Injection Attacks | 02 Hours

  • HTML Injection Iframes
  • HTML Injection Deface
  • Mitigations

Module 11

Broken Link Hijacking | 02 Hours

  • Broken Link Hijacking – Social Media 4 Links
  • Broken Link Hijacking – Github/S3 Buckets
  • Mitigations

Module 12

Session related Issues | 02 Hours

  • Session Hijacking
  • Session Fixation
  • Failure to Invalidate Session
  • Mitigations

Module 13

SQL Injection Attacks | 04 Hours

  • SQL Injection Types
  • SQL Injection with SQLMap
  • SQL Injection Bypass with Atlas
  • Mitigations

Module 14

Server Side Request Forgery | 02 Hours

  • SSRF Fundamentals
  • Internal SSRF
  • External SSRF
  • MicroStrategy SSRF
  • Mitigations

Module 15

Local File Inclusion | 02 Hours

  • Local File Attacks
  • Local File MPEG Attacks
  • Local File Inclusion Linux Attacks
  • Local File Inclusion Windows Attacks
  • Mitigations

Module 16

Remote Code Execution | 02 Hours

  • RCE
  • Apache Struts2 RCE
  • File Upload RCE
  • Apache Tomcat WAR RCE
  • Mitigations

Module 17

Subdomain Takeovers | 02 Hours

  • Active Subdomain Takeovers
  • Passive Subdomain Takeovers
  • Subdomain Takeovers – AWS
  • Subdomain Takeovers – Shopify
  • Subdomain Takeovers – Can I Take Over XYZ 2
  • Subdomain Takeovers – New Exclusive Takeover Template
  • Mitigations

Module 18

Bug Bounty Road Map | 02 Hours

  • Bugcrowd Platform
  • Hackerone Platform
  • Intigriti Platform
  • Private RVDP Programs

Module 19

Capstone Project | 04 Hours

  • Web App Capstone Project
  • Professional Report Writing

Exam – MCQ + Practical | 04 Hours

Our Instructor

Meet Our Expert Instructor

Rohit Gautam

Hacktify Certified Instructor

Winner of Cyber Security Samurai of Year 2023, Director at Hacktify, Principal Security Consultant, Adjunct Prof. at Mandsaur University.

Shifa Cyclewala

Hacktify Certified Instructor

Winner of Top 20 Women Influencers Cyber Security in India 2022. Winner of Top Women Influencer Cyber Security in India 2023 by Bsides Bangalore.

Hacktify Team

Hacktify Certified Instructors

We are a team of passionate cybersecurity experts, hackers turned ethical defenders, and technology enthusiasts.

  • Blue Team Cyber Suraksha 2023
  • Indian Army 2021 (Sainya Ranakshetram)
  • Hackathon by Karnataka Govt. 2020
  • CIT Hackathon 2022
  • Noob Army Vulncon 2020
  • Southern California Tech Summit 2021

Comprehensive Introduction to Web Application Security: This course offers a comprehensive introduction to web application security, equipping students with a strong foundational knowledge of the key concepts and terminologies related to security in web applications.

Expertise in Penetration Testing Fundamentals: Students gain a deep understanding of penetration testing fundamentals, including insights into the OWASP Top Ten, Mitre Framework, and CVSS Framework. This knowledge is invaluable for identifying vulnerabilities and conducting security assessments.

Authentication Bypass Skills: Students learn various techniques for authentication bypass, including OTP bypass, captcha bypass, and response manipulation. This knowledge is crucial for identifying and mitigating vulnerabilities related to user authentication.

Proficiency in Handling Cross-Site Scripting (XSS) Vulnerabilities: XSS is a prevalent web application security issue. This course covers various types of XSS attacks, along with mitigations, enabling students to recognize and remediate these vulnerabilities effectively.

Rate Limiting and CSRF Expertise: The course delves into rate limiting and CSRF (Cross-Site Request Forgery) attacks, including their impact and mitigation techniques. Students develop the skills necessary to prevent and address these security threats.

Real-World Application: With a capstone project at the end of the course, students have the opportunity to apply the knowledge gained in a practical context. They'll engage in a web application security project and learn professional report writing, preparing them for real-world scenarios.