Course Description
The Web Penetration Testing course provides a hands-on approach to identifying and exploiting web security vulnerabilities. From foundational concepts like HTTP and session management to advanced attack techniques such as SQL Injection, XSS, CSRF, and HTTP Request Smuggling, this course covers a wide range of real-world web security threats. Learners will explore passive and active reconnaissance, authentication and authorization testing, session security, file-based attacks, and business logic vulnerabilities. Through practical labs and guided exercises, participants will gain essential skills to assess and secure web applications effectively.
What You'll Learn
By the end of this course, you will be able to:
• Conduct reconnaissance and information gathering using passive and active techniques.
• Identify and exploit authentication, authorization, and session-related vulnerabilities.
• Perform common web attacks such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
• Analyze and exploit JWT security issues and OAuth authentication flaws.
• Execute file-based attacks, including Path Traversal, Local & Remote File Inclusion (LFI/RFI), and File Upload Bypasses.
• Assess business logic flaws, UI redressing, and protocol-based vulnerabilities.
• Perform advanced attacks such as HTTP Request Smuggling and Race Conditions.
• Apply secure coding principles to mitigate these threats and strengthen web application security.
Requirements
Completion of these courses is required:
• Computer Network Fundamentals
• Implementation of Computer Network Fundamentals
• Introduction to Network Security
