Enroll now in the most revolutionary
Web App Hacking Lab Online

	100% Hands on practical training (no slides)		Real world scenarios
	Got stuck? Get hints during the battle		No software to run or configure: it's online
	Increasing difficult educational challenges		Multiplatform

Yes I want to get 1 month in Coliseum now for $199 $99
I will have until August 24th to activate my access

or save $50 now...

Yes I want to get 2 months in Coliseum now for $249 $149
I will have until August 24th to activate my access

Note: Our labs run on cloud servers so we are accepting a limited numbe of applicants at the current price

This is what you will get if you Enroll now:

	14 educational battles		Free access to our forums
	Links and downloads of necessary tools		Unmetered access to our servers (24/7)
	100% hands on + Learning bits when you are stuck		Learn SQLi on MySQL and MS SQL

This is what you learn if you Enroll now:

	Become familiar with the tools real pentesters use		SQL injection through different techniques
	How to analyze and inspect web applications		CSRF and all other OWASP TOP 10 vulns
	Basic and advanced XSS exploitation		Joomla vulnerabilities

Pre-requisites:

	Basic understanding of web applications (cookies, sessions...)		Internet speed: 128Kbit/s
	PC/MAC with any Web Browser		OS: Win/OSX/*Nix
	CPU 1ghz - 1Gb RAM		Recommended: Backtrack 4+

250 students have already tested our labs

This is what they say about Coliseum Lab:

I'm Luiz Arruda from Brazil, and I'm a Security Analyst. I was thinking that I knew something, now after the labs, I'm sure that I know something!
The Coliseum is a tremendous tool in practicing critical skills essential to a succesful pentester. Jeff C. USA - CISO
I'm Alex from Israel. The coliseum gave me an opurtunity to play with great tools in a real world scenarios. It really helped me to understand how some of the most dangerous attacks on the web works in a very short time
I am a web application penetration tester and it is hard to find quality labs for learning and testing web applications. These labs are right on the money in providing instructions and fun labs that will increase a person's skillsets as a web app pentester
James here. I teach IT security in Singapore. Hope that I can bring the Coliseum lab to students.
Before entering the Coliseum was not sure if I had fully understood the lessons of the course, but after 2 weeks in the lab I was able to fix the knowledge and feel confident with the techniques I've learned. Surely Armando and the eLearnSecurity staff are developing an excellent job in the course and in the Coliseum.
I'm J.H. From Denmark, I work with network security, before i joined this course, I had a hard time understanding the complexity of XSS. But after reading the provided material, XSS seems so simple, after trying it in practice at the coliseum, I achieved an even greater understanding of how it work, and that is only one element out of many.

This is what you will do during your lab time

Battle	Vulnerabilities	Difficulty	What you will learn

Poema reading club 1 Poema is a small club of book loving people, into poetry and spiritualism. They do not drink alcohol and do not party. They read and think But you know, what you see is not always what you get in life. Uncover their secrets and master the use of Burp Suite and Dirbuster. Learn how to crawl a website, find hidden files and analyze web applications. Oh, by the way, Cicero will be glad to help you during your battle giving the hints you want, when you need them.	Hidden directories	Easy	How to configure the scope of your tests in Burp Suite How to crawl a website How to find out hidden files on a web server How to use fuzzing tool for information gathering How to manipulate Request/Responses through Burp Suite
Poema reading club 2 The reading club has hired you to uncover any cross site scripting available on their website. Will you find them? Fire up Burp Suite and analyze the website. Manually inspect every parameter and, as always, Cicero is there to help you out if you are stuck	XSS	Easy	How to find basic XSS How XSS an affect a web page How to make the most basic exploitation of a XSS vulnerability
Poema reading club 3 Well, you'd expect that they had properly fixed the XSS that you had found in previous steps and indeed they tried to do so. But you know how these web developers are, they try do it quick and dirty. Make sure that you find a way to get around their protection and produce a working exploit for the XSS that yes, is still there.	XSS	Medium	How to bypass simple client-side input validation How to perform basic XSS exploitation
Poema reading club 4 The club has hired you again, to check out some new features that web developer has uploaded on the website. It's a system allowing Miss. Charlotte and the other chicks to comment on their latest readings. A new challenge for you, sharpen your sword, this one has tigers and fighters from the far east legions.	XSS	Medium	How to find XSS vulnerabilities How to bypass simple XSS protections How to exploit persistent XSS How to change the appearance of a web page through DOM manipulation
Poema reading club 5 Did you know you could browse through a whole library of boring books? Yes, it' a new feature of the Poema reading club that requires your Fu to be tested. Guess what? There is some user input involved...	SQL Injection	Medium	How to find SQL injection vulnerabilities manually How to determine if a SQL injection is of type “blind” or “error based” How to extract information from a database using sqlmap
Poema reading club 6 Oh boy, you should see how shining their new Microsoft SQL Server is. The poema reading club is getting serious about their infrastructure and so should you with this new battle. Bring your best swords and your most shining sandles, this is gonna be epic!	SQL Injection	Medium	How to find SQL injections in MS SQL Server How to determine if a SQL injection is of type “blind” or “error based” How to extract information from a database using a web browser and Error based techniques
Poema reading club 7 New feature new bugs. Are you gonna find them? Are your tools finding these vulnerabilities? Is you sqlmap exploiting this injection? Prove your skills, use your advanced SQL injection techniques.	SQL Injection Cookie manipulation	Difficult	How to inspect encoded Cookies How to manipulate JSON How to exploit UNION SQL injection manually
Arrogant Bank Enough educational stuff. It's time for a real challenge. Arrogant bank inc. is not unlike any other bank in the world. It's just that they actually say what they think. Are you able to become the richest in the bank? Prove it!	SQL Injection, Cookie Manipulation	Medium	Inspecting the application logic Discovery of SQL injection Exploitation of SQL injection using sqlmap
Tomato Lovers 1 Tomato lovers is a small website of Tomato fans. They share recipes and photos of delicious tomatoes. They recently became a new client of yours and you have to carry out a penetration test on their website. Find out any security issues related to their photo sharing application.	Unrestricted File Upload	Easy	How to find and exploit vulnerable upload forms How to determine the impact related to an Unrestricted File Upload vulnerability How to write your own PHP Shell
Tomato lovers 2 Tomato lovers web developer just wants to accept JPG's. JPG is the latest safe format for images you know. Please provide a proof of concept for the unfortunate web developer and demonstrate that their security mechanism is really pathetic.	Unrestricted File Upload	Medium	How to find and exploit vulnerable upload forms How to bypass file upload filters
Tomato lovers 3 Curry, Salt, Romain lettuce and Fruits - CSRF! This is what CSRF means for them. Please find all the CSRF in their website and build a proof of concept for the admin. You know, they don't believe you until they see the danger.	CSRF	Medium	How to find a CSRF vulnerability How to build a working payload exploiting a CSRF vulnerability How to verify if the payload actually worked or not
Music shop 1 And the winner is...Justin Bieber. This website runs fake Music charts where no matter what their members vote, Justin will always be on Top. If you are Justin's fan you can make sure that the website is protected from haters. If you are a hater, you can make sure to do some Justice. In either case, you will need to overclock your brain as this is going to be a challenging battle!	Insecure Direct Object Reference, Cookie manipulation	Medium	How to reverse engineer the functioning of a web application How to configure advanced options of Burp Suite How to use Burp Suite Match and replace feature
Music shop 2 They fixed any logic flaw affecting their website. Or so they said. This time you have to really have the gut of an investigator to break in.	Failure to restrict URL access	Medium	How to inspect application flow through Burp Suite How to manipulate Request/Responses automatically through Burp Suite How to exploit logic flaws
Soccer 1 Joomla is awesome. Third party addons equals more awesome fun. The webmaster of this website is using Joomla to put together stats and news about Soccer. There's a tiny little thing he cares the most: how many Scudetti's FC Juventus actually have. Someone says 29, he says 27. Don't be evil, just prove him wrong.	Local File Inclusion	Hard	How Joomla works How to look for exploits online How to bypass filters How Local file inclusion vulnerabilities work Which local file inclusion vulnerabilities can be exploited on Windows/IIS stack

Yes I want to get 1 month in Coliseum now for $199 $99
I will have until August 24th to activate my access

or save $50 now...

Yes I want to get 2 months in Coliseum now for $249 $149
I will have until August 24th to activate my access

Note: Our labs run on cloud servers so we are accepting the first 100 applicants at the launch price
Registration will reopen at regular prices later this summer.