Held in our Cyberlab in Buckinghamshire, this 3-day GCHQ-Certified training course offers a series of educational interactive training sessions where you will gain hands on experience, learning how to identify security flaws in web applications. You will also be able to exploit those security flaws to fully understand the value of fixing them.

Tranchulas online labs are available 24×7 for practising web attacks learnt during training course.

19th, 20th & 21st November 2019, Phoenix Datacom Cyberlab, Aylesbury

Download the course outline

GCHQ & IISP Accreditation

Tranchulas Hands-On Web Application Penetration Testing Training Course is accredited under the GCHQ Certified Training (GCT) scheme and by the Institute of Information Security Professionals (IISP).

The course material has been rigorously assessed against the exacting standards of GCHQ. The quality of the trainers’ delivery and the course administration has been quality checked and approved by APMG.

Who should attend?

  • Application Developers

  • Application security managers

  • Security consultants

  • QA testers

  • IT Managers

  • Penetration testers

  • Any security professional who is interested in learning about web application security.

Course attendees need a basic knowledge of HTML and Java Script and must bring their own laptop.

CWASP Certification

This course leads to the exclusive Certified Web Application Security Professional (CWASP) certification, which will test your technical skills on a live but simulated web application where you are expected to discover and exploit security vulnerabilities. Students are required to pass our online lab test in order to receive CWASP certification.

Tranchulas Online Labs

Tranchulas Online Labs are available 24×7 for practicing web attacks learnt during training course. Online labs have several web applications based on real world scenarios which can be exploited and have different difficulty levels. Vulnerabilities include but are not limited to XSS, SQL Injection, CSRF, cookie manipulation, local file inclusion.

Students are required to discover and exploit vulnerabilities in order to pass online labs and receive Tranchulas Certified Web Application Security Professional (CWASP) Certification.

Post Training Support

You can connect with Tranchulas Online labs for 90 days to practice your hacking kung-fu after the training course. During this time our technical team will provide you email/phone/skype support in order to ensure the skills acquired on the training course are being applied correctly.

About the Trainer

Tranchulas training and workshops are conducted by world’s top information security experts. Our instructors are featured speakers at renowned security conferences such as Hack in the Box Malaysia, InfoSek Slovenia, Hack.lu Luxembourg, CONFidence Krakow, Troopers, Shakacon, OWASP Europe and BruCON Belgium.

Entry Requirements

Course attendees need a basic knowledge of of HTML and Java Script and must bring their own laptop computer.

Laptop minimum requirements:

  • CPU: 1.5 GHz or higher

  • Minimum 4 GB RAM

  • 20 GB of free space on your Hard Drive

  • Wireless 802.11 b/g

  • Should have the capability to have local administrator access within the Operating system and disable antivirus if required.

  • You must set up a Windows Virtual machine on your system if your primary OS is not windows.

Register for more information and pricing


  • (Valid work email required.)
    (You can withdraw your consent at any time by using the ‘unsubscribe’ option in the messages you receive from us)