Penetration Testing
Learn to think the way attackers do. Your team gains the skills to plan and execute structured penetration tests that surface real, exploitable weaknesses across applications and infrastructure.
Learn to think the way attackers do
This intensive five-day programme gives your team the mindset and the technical toolkit of an ethical hacker. Participants work through the full penetration testing lifecycle — from information gathering and exploitation through to post-exploitation tactics and web application assessment — in dedicated lab environments that mirror real corporate networks.
The programme is delivered on-site at your organisation and tailored to your schedule.
What your team will learn
- Identify and assess system vulnerabilities using advanced data-gathering techniques
- Execute strategic system infiltration to simulate real-world cyber attacks
- Apply post-breach tactics to understand and mitigate the impact of security incidents
- Specialise in web application security to protect against targeted web-based threats
- Produce comprehensive, prioritised reports that an organisation can act on immediately
How you will learn
Training is apprenticeship-based: trainers lead through hands-on demonstration on virtual and host machines, prioritising showing over telling. Each chapter includes:
- Structured demonstrations — trainers walk through tools and techniques step by step
- Practice labs — participants replicate and vary the techniques in isolated environments
- Challenge questions — critical-thinking exercises that push beyond the worked example
- Scenario exercise — the final chapter is a capstone: participants navigate a simulated corporate network from initial reconnaissance to a written findings report
Class size: maximum 1 trainer per 30 participants, ensuring focused, practical guidance throughout.
Entry requirements
Participants should have a solid foundation in:
- Networking fundamentals (TCP/IP, subnetting, common protocols)
- Linux and Windows command-line usage
- Core vulnerability concepts and how common exploits work
This is an advanced programme and is not suitable for those without prior technical grounding in cybersecurity or IT.
Delivery
- Format: On-site at your premises (or a venue of your choosing)
- Duration: 5 days · 8 hours per day · 40 hours total
- Schedule: Tailored to your organisation’s calendar — contact us to discuss available dates
Funding & fees
This programme is eligible for SkillsFuture funding for Singaporean Citizens and Permanent Residents. SkillsFuture Credits (up to S$500), UTAP (S$200–S$500), and PSEA may be used to further offset the nett fee payable after subsidy. Our team will assist participants with the claims process.
See the fee table above for a full breakdown by citizenship category.
What you will cover
Module 01 Chapter 01: Collecting Information
- Information Gathering: Whois, Dmitry, Google / GHDB, Shodan CLI, DNS Reconnaissance, Online Databases
- Scanning: Nmap Scanning, NSE Scripting
- Enumeration: Service Enumeration, Msfconsole, Enumeration Tools, Vulnerability Detection Methods, Nessus
- Exploitation: Brute Force Tools, Exploits Database, Msfconsole, Manual Exploitation
- Payloads: Msfvenom Payloads, Payload Automation, Meterpreter
Module 02 Chapter 02: Exploitation
- Post-Exploitation Introduction: Local vs. Remote Exploits, Privilege Escalation, Persistence, Disabling Security Controls
- Social Engineering: Online Services, BeEF, Phishing Frameworks, Advanced Techniques
Module 03 Chapter 03: Post-Exploitation
- Web Application Security Introduction: HTML Basics, OWASP Top 10, Cross-Site Scripting (XSS), LFI / RFI, Brute Force, SQL Injection, Web Payloads, Reverse Shell
- Burp Suite: Proxy, Repeater, Intruder, Encoder
Module 04 Chapter 04: Web Application Security (OWASP)
- OWASP methodology applied to real-world web targets
- Identifying and exploiting common web vulnerabilities
- Testing authentication, session management, and access controls
- Reporting web application findings with remediation recommendations
Module 05 Chapter 05: Scenarios & Capstone
- Real-world corporate network navigation exercise
- End-to-end penetration test simulation: reconnaissance through reporting
- Cyber-attack comprehension and defender-perspective debrief
- Structured written report: findings, risk ratings, and remediation priorities
Fees and funding
| SG Citizen 21–39 | SG Citizen 40+ / PR | Self-funded / Non-subsidised | |
|---|---|---|---|
| Full course fee | S$19,500 | S$19,500 | S$19,500 |
| SkillsFuture subsidy | — | 70% / 90% | — |
| Nett fee (before GST) | S$19,500 | S$5,850 / S$1,950 | S$19,500 |
| 9% GST on nett fee | S$1,755 | S$526.50 / S$175.50 | S$1,755 |
| Total payable | S$21,255 | S$6,376.50 / S$2,125.50 | S$21,255 |
SkillsFuture Credits, UTAP and PSEA may offset the nett fee payable. All fees shown include 9% GST where applicable.
Frequently asked questions
Is this offensive training safe to run on our systems?
All practical work takes place in isolated lab environments we provide. Nothing is run against your production systems during the programme.
What level should participants be at?
This is an advanced programme. Participants should already be comfortable with networking, the command line, and the fundamentals of common vulnerabilities.
Is the schedule fixed?
No. The programme runs over five consecutive days (8 hours per day) and is tailored to your organisation's calendar. Contact us to discuss dates.
Can SkillsFuture Credits be used?
Yes. SkillsFuture Credits (up to S$500), UTAP (S$200–S$500) and PSEA may be used to offset the nett fee payable after subsidy. Our team will guide your participants through the claims process.
What do participants receive at the end?
Participants who complete the programme receive a certificate of completion issued in partnership with Ngee Ann Polytechnic.
Ready to secure your workforce?
Book a 30-minute consultation to scope the right training for your team and your regulatory context.