The WAHS Web Application Hacking & Security teaches you how to attack, secure and protect web applications against the most common and advanced web threats. The training covers the complete OWASP Top 10 and goes further with advanced attack techniques, API security and modern web application architectures. WAHS is EC-Council's most hands-on web application security training.
E-learning via the official EC-Council iClass platform
The WAHS at OEM is an official EC-Council iLearn e-learning: completely self-paced, at your own speed, 365 days access. You learn through professionally recorded video lectures by EC-Council Certified Instructors, combined with extensive hands-on labs in a web application testing environment. Start immediately after activation.
OEM offers the lowest price for official EC-Council e-learning in the Netherlands. Found the same training cheaper elsewhere? We'll match that price.
Who is this e-learning for?
Suitable for penetration testers, web application developers, security engineers and IT professionals who want to secure or penetration test web applications. Basic knowledge of web application development (HTML, HTTP, JavaScript) and information security is required.
What will you learn in the WAHS e-learning?
- Assess web applications for vulnerabilities in accordance with the OWASP Top 10
- Execute and mitigate SQL injection, XSS, CSRF and XXE attacks
- Identify and exploit authentication and authorisation vulnerabilities
- Analyse and mitigate API security risks (REST, GraphQL, SOAP)
- Exploit broken access control and IDOR vulnerabilities
- Execute server-side request forgery (SSRF) attacks
- Exploit OAuth 2.0 and JWT vulnerabilities
- Bypass web application firewalls (WAF)
- Identify and exploit business logic vulnerabilities
- Produce professional web application penetration test reports
WAHS course content
- Understanding web application components and architecture
- Applying the OWASP Testing Guide for systematic testing
- Broken Access Control: IDOR, privilege escalation and path traversal
- Cryptographic Failures: insecure storage and transmission of sensitive data
- Injection: SQL, NoSQL, OS and LDAP injections
- Cross-Site Scripting (XSS): reflected, stored and DOM-based
- CSRF, clickjacking and XML External Entity (XXE) attacks
- Testing API security: REST, GraphQL and SOAP
- Exploiting OAuth 2.0 and JWT vulnerabilities
- WAF bypass and anti-forensics in web application testing
Exam and certification
The WAHS exam is taken via the EC-Council ECC Exam Centre (online). The certification is valid for 3 years.
What is included?
- Official EC-Council WAHS e-course materials
- Extensive hands-on labs in a web application testing environment
- Exam voucher for the WAHS exam
- 365 days access to the iClass learning platform
- Online mentor for technical questions for 90 or 365 days after activation
- Certificate of participation
SLIM subsidy
As a Dutch SME, you may be eligible for the SLIM subsidy for ICT training. The Dutch government reimburses 60% of your training costs, up to a maximum of €24,999. Period 2 opens 10 August 2026.
Related training courses
Request a quote via our quote form or contact us via our contact page. Or ask Sanne, our AI assistant - available 24/7 via the blue icon at the bottom right of the page.
