INTENSIVE 6-WEEK BOOTCAMP

Become the Next Generation of Ethical Hackers

Modern companies are breached every day, not because attackers are superhuman, but because the web is full of vulnerabilities waiting to be discovered.

This program is designed to transform absolute beginners into job-ready junior web penetration testers through hands-on, real offensive techniques.

Enroll in Bootcamp View Curriculum

Bootcamp Schedule

Join our intensive 6-week program designed to take you from beginner to job-ready penetration tester.

Start Date

5 January 2026
Monday

End Date

5 February 2026
Thursday

Enrollment Closes In:

0
Months
0
Weeks
0
Days
0
Hours
0
Minutes

Time shown in East Africa Time (EAT)

Course Highlights

Everything you need to become a professional penetration tester in one comprehensive program.

Hands-On Learning

This is not a theory course. Practical, guided hacking from day one with real-world scenarios and labs.

Beginner Friendly

No prior experience required. We transform absolute beginners into job-ready penetration testers.

Industry Tools

Master Burp Suite, Nmap, cURL, browser devtools, Linux tools and other essential pentesting tools.

Professional Certificate

Earn the AstralGuard "Junior Web Penetration Tester" certificate respected by employers.

Real Vulnerabilities

Learn to exploit SQLi, XSS, SSTI, SSRF, JWT flaws, and more in realistic environments.

Live Support

Get help when you need it with our dedicated support team and community of ethical hackers.

Full Curriculum

Comprehensive training covering everything from web fundamentals to advanced exploitation techniques.

BEGINNER LEVEL — Foundations of Offensive Web Testing

Module 1 — Modern Web Architecture & Attack Surface

Students will learn:

  • How websites truly work (frontend → backend → database)
  • What an attack surface is
  • How APIs communicate
  • Common web technologies (React, Node.js, Nginx, MySQL)
  • Where real vulnerabilities live

Practical Lab:

  • Map the attack surface of a simple Notes App (ports, routes, tech stack)

Module 2 — Basic Cross-Site Scripting (XSS)

Students will learn:

  • What XSS is
  • Why sanitization matters
  • How attackers inject malicious input
  • Basic JavaScript payloads

Practical Lab:

  • Exploit a vulnerable search box
  • Exploit a stored XSS in a comment section

Module 3 — Authentication Weaknesses

Students will learn:

  • Weak login designs
  • Missing rate-limits
  • Guessable session IDs
  • Cookie tampering
  • Basic brute-force attacks

Practical Lab:

  • Brute-force a weak login
  • Fix the vulnerability as a defender
INTERMEDIATE LEVEL — Real Offensive Attacks

Module 4 — SQL Injection (Union, Error-Based, Boolean)

Students will learn:

  • How SQL Injection works
  • Extracting database names and tables
  • Bypassing filters
  • Boolean blind techniques

Practical Lab:

  • Extract data from a login form using SQLi
  • Complete a boolean blind challenge

Module 5 — DOM XSS & Advanced Payloads

Students will learn:

  • Dangerous JS sinks (innerHTML, eval)
  • Framework-specific flaws
  • XSS → session hijacking chains

Practical Lab:

  • Build a DOM XSS exploit
  • Steal fake cookies from a victim session

Module 6 — Server-Side Template Injection (SSTI)

Students will learn:

  • How template engines work
  • Identifying SSTI points
  • Basic detection techniques
  • Safe exploitation

Practical Lab:

  • Exploit SSTI in a Flask/Jinja2 app
  • Execute simple commands (no full RCE needed)
ADVANCED LEVEL — Serious Offensive Web Pentesting

Module 7 — Server-Side Request Forgery (SSRF)

Students will learn:

  • Internal network discovery
  • Cloud metadata exposure
  • Real-world attack paths

Practical Lab:

  • Use SSRF to read fake AWS metadata
  • Extract simulated IAM credentials

Module 8 — Token Exploitation (JWT, OAuth, Session Attacks)

Students will learn:

  • How JWT signing & verification works
  • Brute-forcing weak secrets
  • OAuth misconfiguration attacks

Practical Lab:

  • Break a weak JWT secret
  • Elevate privileges to admin
  • Exploit a vulnerable OAuth callback

Module 9 — HTTP Request Smuggling (Simplified)

Students will learn:

  • CL.TE desynchronization
  • Cache poisoning basics
  • Proxy desync explanations

Practical Lab:

  • Send crafted requests to observe desync
  • Poison a cache with a fake message

Module 10 — Safe Deserialization & Prototype Pollution

Students will learn:

  • How unsafe serialization works
  • How JS objects can be polluted
  • Privilege escalation using __proto__

Practical Lab:

  • Exploit unsafe JSON.parse
  • Modify object prototypes to bypass checks

What You Will Be Capable Of

By graduation, students will confidently possess these essential penetration testing skills:

Perform Full Web Application Penetration Tests

Conduct comprehensive security assessments from start to finish.

Identify & Exploit Major Web Vulnerabilities

Find and leverage critical security flaws in web applications.

Build Hacking Payloads Manually

Create custom exploits without relying on automated tools.

Understand How to Chain Vulnerabilities

Combine multiple weaknesses for deeper system penetration.

Recognize Weak Authentication Systems

Identify and exploit flaws in login and session management.

Write a Professional Pentest Report

Document findings effectively for technical and non-technical audiences.

Use Modern Tools and Attack Methodologies

Master industry-standard penetration testing tools and techniques.

Think Like a Real Offensive Security Engineer

Develop the mindset needed to anticipate and counter real-world threats.

This skillset is exactly what entry-level pentesting roles look for.

Certificate You Will Earn

Upon successful completion of the bootcamp, you'll earn a professional certificate that validates your skills as a penetration tester.

AstralGuard "Junior Web Penetration Tester" Certificate

Awarded for completing AstralGuard’s Offensive Web Pentesting program, this certificate proves hands-on skills in web security testing, ethical hacking, and vulnerability assessment. A professional credential designed for students and career changers to show employers real-world cybersecurity competency..

Recommended for all serious cybersecurity career seekers

Ready to Start Your Cybersecurity Journey?

Join the AstralGuard Offensive Web Pentesting Bootcamp and transform from beginner to job-ready penetration tester in just 6 weeks.

Enroll Now - Limited Spots Available