Online Workshop Hands-on Lab OWASP Top 10

Learn to hack. Like a pro.

Practical 2-day workshop: penetration testing for web applications with Kali Linux, Burp Suite and OWASP Top 10 - online on German servers, without US providers.

2 days / 16 units
Max. 12 participants
30 days lab access

Next date: 22-23 Jun 2026 · Seats available

Learning penetration testing for web applications systematically

In two intensive days you learn the methodology, tools and mindset of professional penetration testers. The workshop combines solid theory with immediately applicable practice - in a safe virtual testing environment where you try out real attack techniques.

Unlike pure theory courses, we focus on learning by doing: every topic is deepened through a practical exercise. You work with Kali Linux and Burp Suite - the standard tools of professional penetration testers. Our trainers are active security consultants with OSCP certification and experience from hundreds of penetration tests.

Why should you learn pentesting?

The ability to think like an attacker is the best foundation for effective defence. Whether you administer systems, develop software or are responsible for IT security - those who can find vulnerabilities themselves prevent others from exploiting them. According to BSI threat reports, more than 70 new vulnerabilities are published daily. Many of them affect web applications.

Your benefits

  • Understand the attacker's perspective: Learn how hackers analyse web applications and identify vulnerabilities
  • Hands-on experience: Work with Kali Linux, Burp Suite, Nmap, SQLMap and Hashcat in a realistic environment
  • OWASP Top 10 in practice: Each of the Top 10 vulnerabilities is not just explained but actively exploited
  • Safe lab environment: All exercises in an isolated cloud environment - no risk to real systems
  • Small groups: Max. 12 participants for individual coaching and expert discussions
  • 30 days lab access: After the workshop you can continue practising and deepen what you've learned for 30 days
  • Career foundation: Ideal entry point for CTFs, Hack-the-Box challenges and the path to OSCP certification

The Lab Environment

Each participant receives their own fully pre-configured environment in the cloud:

  • Attacker system: Kali Linux with pre-installed tools (Burp Suite, Nmap, SQLMap, Hashcat, DirBuster, etc.)
  • Target systems: Multiple intentionally vulnerable web applications with realistic scenarios
  • Access: Via browser - no installation on your machine required
  • Post-workshop access: 30 days lab access for independent practice after the workshop

Curriculum

Day 1 - Fundamentals, Reconnaissance & Web Proxy

Morning (09:00-12:30)

  • Lab environment orientation: Kali Linux, terminal basics, network setup
  • Ethical and legal foundations: legal framework (§202a-c StGB / computer crime laws), authorisation, responsible use
  • Hacking fundamentals: how do attackers think? Kill chain, phases of a penetration test
  • Core concepts: CVE, CVSS, exploit, payload, reverse shell, privilege escalation
  • HTTP fundamentals: request/response, headers, cookies, sessions, REST APIs
  • Hands-on: Getting to know Kali Linux - first commands and tool orientation

Afternoon (13:30-17:00)

  • Reconnaissance: passive vs. active information gathering
  • OSINT techniques: Google Dorks, Shodan, WHOIS, DNS enumeration, subdomain discovery
  • Nmap: port scanning, service detection, NSE scripts for vulnerability scanning
  • Web proxy fundamentals: intercepting and analysing HTTP traffic
  • Browser developer tools as a security tool: DOM inspection, cookie manipulation, console
  • Hands-on: Setting up Burp Suite, intercepting and analysing HTTP traffic of a target site
  • Challenge: Reconnaissance task - find all information about the target system

Day 2 - OWASP Top 10, Exploitation & Reporting

Morning (09:00-12:30)

  • OWASP Top 10 overview: the most common vulnerabilities in web applications
  • SQL Injection: types (error-based, blind, time-based), detection and exploitation with SQLMap
  • Cross-Site Scripting (XSS): reflected, stored, DOM-based - payloads and impact
  • Broken Authentication: session hijacking, credential stuffing, token manipulation
  • IDOR and Broken Access Control: privilege escalation at application level
  • Hands-on: Practising SQL injection and XSS on the vulnerable target application

Afternoon (13:30-17:00)

  • Password cracking: brute force, dictionary attacks, rainbow tables, Hashcat in practice
  • Social engineering: phishing fundamentals, pretexting, baiting - detection and defence
  • File upload vulnerabilities: web shells, bypassing upload filters
  • Server-Side Request Forgery (SSRF) and XML External Entities (XXE)
  • Reporting: how to document findings professionally? CVSS scoring, remediation recommendations
  • Final Challenge: Capture the Flag - find all flags in the target environment
  • Further resources: HackTheBox, TryHackMe, OSCP preparation, bug bounty programmes

Who is this workshop for?

The workshop is aimed at anyone who wants to learn penetration testing for web applications from the ground up. Particularly suitable for:

  • System and network administrators - who want to understand how attackers compromise their systems
  • Developers and DevOps engineers - who want to write secure software and avoid common vulnerabilities
  • IT security officers - who need a practical understanding of technical security assessments
  • IT managers and team leads - who must evaluate and prioritise pentesting results
  • Career changers - pursuing a career in IT security who want a hands-on entry point
  • Students - of computer science, IT security or related fields seeking practical experience
  • CTF enthusiasts - who want to build skills systematically and learn professional methodology

Prerequisites

  • Recommended: Basic networking knowledge (IP addresses, HTTP, DNS, ports)
  • Helpful: Command line experience (Linux or Windows terminal)
  • Not required: Prior knowledge of IT security, pentesting or programming
  • Your own computer with stable internet connection (lab is fully cloud-based)
  • Current browser (Chrome, Firefox or Edge) - no additional software installation required

Certificate & Career Paths

After successful participation you receive the AWARE7 Participation Certificate "Penetration Testing for Web Applications", confirming your acquired skills in:

  • Reconnaissance and information gathering (OSINT, Nmap, DNS enumeration)
  • Web application security testing per OWASP Top 10
  • Exploitation with Burp Suite, SQLMap and Kali Linux
  • Password cracking and credential attacks
  • Social engineering: methods and detection
  • Professional reporting of security findings

Career Paths in Pentesting

  • OSCP (Offensive Security Certified Professional) - the reference certification for pentesters. This workshop provides the foundations you need for OSCP preparation.
  • CEH (Certified Ethical Hacker) - widely recognised certification focusing on methodology and tools
  • BSCP (Burp Suite Certified Practitioner) - specialisation in web application testing
  • Bug Bounty Hunter - earn money finding vulnerabilities for companies like Google, Meta or Microsoft
  • T.I.S.P. - TeleTrusT Information Security Professional for a broader security career

After the Workshop

  • 30 days lab access for independent continued practice
  • Recommended learning paths and resources for further development
  • Access to our alumni community for professional exchange
  • 10% discount on follow-up courses at AWARE7

Upcoming Dates

  • 22-23 Jun 2026 · Online · Available
  • 07-08 Sep 2026 · Online · Available
  • 23-24 Nov 2026 · Online · Available

Frequently Asked Questions

The workshop is aimed at system and network administrators, IT security officers, developers, DevOps engineers and career changers who want to acquire fundamental penetration testing skills. Developers who want to understand how attackers target their applications - and how to prevent it - benefit especially. No prior knowledge of IT security or pentesting is required.
Basic networking knowledge (IP addresses, HTTP, DNS) is recommended. Experience in IT security, pentesting or programming is not required - the workshop is designed as an entry point and builds systematically. If you can operate a browser and a terminal, you can participate.
You work with Kali Linux as the base operating system and industry-standard tools: Burp Suite (web proxy and scanner), Nmap (network scanner), SQLMap (SQL injection tool), Hashcat (password cracking), OWASP ZAP and more. All tools are pre-installed in the provided virtual testing environment - you do not need to configure anything yourself.
Two full days of online live training with experienced penetration testers, access to a professional virtual lab environment with prepared scenarios, an AWARE7 participation certificate, all training materials as PDF, a web application pentesting checklist, and 30 days of lab access after the workshop for continued practice.
The workshop runs exclusively on a GDPR-compliant platform on German servers - without Zoom, Teams or other US-based providers. The lab environment is browser-based and requires no installation. You work in real time with the trainer and other participants via video, audio and chat. For group bookings of 5 or more, we can customise content and lab scenarios to your infrastructure.
In the workshop you work exclusively in a safe, isolated virtual testing environment - no real systems are attacked. The legal framework (German §202a-c StGB, equivalent to CFAA/Computer Fraud regulations) is covered in detail on the first day. Professional pentesting is always authorised and contractually regulated. You learn the ethical and legal principles that responsible use of security knowledge requires.
The workshop covers fundamental methodology and tools that are also relevant in the OSCP exam: reconnaissance, exploitation, privilege escalation, report writing. However, it is not an OSCP preparation course - that would require significantly more extensive training. The workshop is ideal as an entry point to check whether pentesting is the right career path for you.
The lab runs in the cloud and is accessible through your browser - no installation on your machine required. You get access to a fully pre-configured Kali Linux instance and several intentionally vulnerable web applications (targets). The environment is individually provisioned for each participant so you can work at your own pace.
Three things: first, live interaction with experienced penetration testers who answer questions in real time and provide individual guidance. Second, a professional lab environment with realistic scenarios from our consulting practice - not generic tutorials. Third, small group size (max. 12) ensuring nobody gets left behind. Free courses offer good content but not a comparable learning experience.

Your Trainers

Active penetration testers with OSCP certification and experience from hundreds of security assessments. Not theoretical textbook knowledge, but practical experience from real engagements.

Vincent Heinen

Head of Offensive Services

M.Sc. in IT Security with over 5 years of experience in offensive security analysis. Leads the delivery of penetration tests, specialising in web applications, network infrastructure, reverse engineering and hardware security. Responsible for several responsible disclosures.

OSCP+ OSCP OSWP OSWA

Ready to start hacking like a pro?

Max. 12 participants. 2 intensive days. 30 days lab access included. EUR 1,400 net.

Free · 30 minutes · No obligation