Penetration Testing Methodology According to OWASP | Cyber Rangers

Penetration Testing Methodology According to OWASP

This training focuses on a methodological approach to penetration testing of web applications based on the OWASP WSTG (Web Security Testing Guide) and OWASP ASVS (Application Security Verification Standard) frameworks.

Many penetration testers possess strong technical skills but often lack a structured, methodical approach to testing. This training provides a comprehensive overview of an optimal penetration testing workflow using standardized procedures.

During the training, we will go through selected OWASP WSTG categories and demonstrate how to effectively incorporate them into the testing process. In addition, we will complement the testing approach with recommendations from OWASP ASVS, which help better structure and evaluate the security aspects of web applications.

Language: Czech

Penetration testers, developers, security managers, and team leads
8.9.2025
20
6 hours in 1 day
Prague
CZK 12,500 excl. VAT (if purchased by June 30, 2025, afterwards CZK 22,500 excl. VAT)

Trainer
Jan Plaček

What participants will take away from the training:

  • How to structure penetration testing according to OWASP WSTG
  • How to use ASVS as support for systematic testing and application security assessment
  • How to connect a methodological approach with practical testing using Burp Suite Community Edition
  • How to effectively integrate testing methodologies into your own workflow

Prerequisites / Expected knowledge:

  • Knowledge of how web applications operate (HTTP, cookies, sessions, forms)
  • Understanding of basic and advanced security concepts (XSS, SQLi, brute force, roles vs. permissions)

What participants will use and need during the training:

  • Laptop on which you can install software (Windows, macOS, or Linux)
  • Burp Suite Pro / Community Edition – must be installed before the training
  • Web browser (Chrome, Firefox, etc.)
  • Wi-Fi internet connectivity will be provided on-site
  • Recommended (not mandatory): Virtual machine with Linux (e.g., Kali, Parrot, Ubuntu), suitable for bonus tests according to WSTG outside the basic scenario