VEXA-WPT · Intermediate

VEXA Certified Web Penetration Tester

Hands-on web hacking training from recon to reporting.

6 weeks · 20–30 hours totalBest for: Developers, security engineers and bug bounty hunters.

Enroll now Download syllabus (PDF)

What you will learn

End-to-end web pentest workflow using Burp Suite.
Core vulns: XSS, SQLi, auth flaws, access control and IDOR.
How to chain findings into real impact.
Writing professional-style pentest and bug bounty reports.

Syllabus overview

Module 1 · Web Hacking Foundations

Recon, mapping and content discovery
Lab: mapping a target with Burp

Module 2 · Injection & XSS

SQL injection and XSS payload practice
Labs on test targets and practice apps

Module 3 · Auth & Access Control

Broken auth, session issues and IDOR
Hands-on broken access control labs

Module 4 · Advanced Findings & Reporting

SSRF, logic bugs and chaining
Capstone: mini web pentest + report

Requirements & assessment

Basic security or IT knowledge recommended.
Laptop with a modern browser and ability to run labs.
Commitment to complete labs, quizzes and a final capstone project.

Certification & digital badge

Complete all mandatory labs and the final assessment to receive your verified VEXA-WPT digital badge, ready to share on LinkedIn and CVs.