Be a Web Application Penetration Tester from Scratch
4.0 (32 ratings)
596 students enrolled

A balance of theory and practice, aimed at earning $2000 bug bounties as a penetration tester
Last updated 4/2015
  • 5 hours on-demand video
  • 3 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Perform a penetration test on web applications
  • Industry-standard insights into every phase of pentesting
  • Write a formal pentesting report
  • Earn by hunting bugs in web applications
  • Useful for students pursuing a Master's or Ph.D. degree in Information Security
Requirements
  • No coding required
  • Basic knowledge of website-related terminology
  • Kali Linux (available for free)
  • VM Player / VirtualBox

Do you know that web application pentesters are earning hundreds of dollars by submitting bugs to various reputable websites? There is now a legal way to report bugs and vulnerabilities to websites and receive reward money in return.

What is this course about?

This is an ideal course for learning penetration testing from scratch. It requires no coding skills, yet you will be able to perform pentests and produce good reports for clients. According to Forbes, pentesting is the second-highest-paid job, with many unfilled positions.

Everyone is learning to create, someone has to take the responsibility to secure that creation.

Penetration testing is a step-by-step procedure for testing an application for security flaws. These flaws can compromise a website at various levels: a database leak, a leak of client information, or even monetary loss.

Many new pentesters learn a few tricks to hack an application, but approaching a client formally, running a procedural pentest and documenting a report is a different game. In this course you will learn about all types of vulnerabilities, exploitation of web applications and the impact of flaws, and finally we will cover the steps to write a report.

Traditional companies rely on firewalls and network security, and attack vectors based on web applications will not trigger their alarms. In particular, new applications built on a CMS such as WordPress are hacked often. This course covers a lot of ground.

Updates to this course.

You might notice a few small topics are missing. Web security is a big monster, which is why we decided to roll out the course now and update it on a monthly basis. There will be no charge for extra lectures added, but the course price may increase at a later stage.

No coding experience, no prior knowledge; just start your journey as a WEB APPLICATION PENTESTER.

Who is the target audience?
  • Information Security Researchers
  • Web Developers
  • Startups
  • Students
  • Security auditors
  • Bug hunters
Curriculum For This Course
57 Lectures
The Ultimate World of Pentesting Jargon
8 Lectures 45:42

Pentesting is the method of finding bugs and vulnerabilities in any web-based application. There are many types of pentesting; in this course we focus on web application pentesting.


To learn any new topic, the first barrier is new terms. Once we are comfortable with the terminology, we can understand the rest of the course much better. Terms like vulnerability and exploitation are crucial for understanding web application pentesting.

Common terminologies in Penetration Testing

According to the textbooks, pentesting is divided into levels based on the amount of knowledge given to the tester. Black box testing assumes no prior knowledge. In white box testing, the pentester has a great amount of knowledge from inside the company's team.

Box Based testing: Black Box, White Box and Grey Box

There are a few fundamental rules when doing a pentest: what is your target, and what kind of information do you need to gather for the client? Ask the client which tools are not allowed. Having this list will help you produce a good report for the client.

Fundamentals of Attacking for Vulnerability Assessment.

Every pentester needs some tools under their belt. Most experienced pentesters like to have custom-designed or self-designed automation tools, but there are a few trusted and heavily used tools too. An ideal pentester should at least be aware of all such tools.

Tools of Trade for Pentester

Just visiting the website and starting to hunt for XSS and SQL injection is not a professional way to handle a pentest for a client. Don't ever do that. There are a few definite steps you need to follow; this video will help you understand the importance of those steps.

Steps to conduct Penetration testing

OWASP, the Open Web Application Security Project, is an initiative to make sure that all developers follow guidelines to secure their applications. OWASP also publishes a list of the major vulnerabilities, or common mistakes, due to which most applications are compromised.

OWASP Top 10 vulnerabilities and guidelines

This video reviews what we have done so far in the course, to make sure we are all on the same page.

What we did so far: Summary
Set up of the Home Lab
4 Lectures 15:26

Installation can be tricky, as some of us are on Windows and some on Mac. This video gets all of us to the same page: Mac users can use Oracle VirtualBox and Windows users can use VM Player to install Kali as a virtual operating system. Having an entirely separate machine as a pentest lab is not preferred at all.


If you have already installed Kali Linux in a virtual machine, installing Windows is not a big deal. Still, we don't want to leave you with any open question, so this video walks you through installing a Windows-based operating system in a virtual environment.

Installation of a Windows-based OS in a VM

After installing Kali, the first thing you want to do is take a quick look at what this operating system looks like. It's just a simple Debian-based system with a lot of pentesting tools preinstalled, which makes everything plug and play.

Quick tour of the pentesting Linux

This video reviews what we have done so far in the course, to make sure we are all on the same page.

What we did so far - summary
3 pages
Let's learn reconnaissance
8 Lectures 44:15

Having a target is great, but getting information about the target is not that easy. Every small piece of information, such as an email address or a login page, is of very high importance. In pentesting, gathering information follows fixed steps and should have a time limit; you cannot dedicate endless time waiting for some information to pop up.

What is reconnaissance

For any initial research about the target, Google is the best place to look, but don't be narrow-minded: there are lots of other search engines such as DuckDuckGo and Baidu. Make sure you use all available resources. If you are using Google, make sure you are aware of Google dorks for more precise results.

Initial research about the target application

As we were talking about Google dorks, you should be aware of a few websites (discussed in the video) so that you always know the important and up-to-date Google dorks. We will also talk about Shodan, which is a unique search engine.

Shodan and advanced Google research about the target

Many times, to analyze a website without triggering an alarm, we need to check a few links and related material. We can do that by taking an offline copy of the site using HTTrack, which is available for Windows as well as Linux.

Offline mirror of the target site for local testing

Zone transfer comprises a preamble followed by the actual data transfer. The preamble comprises a lookup of the Start of Authority (SOA) resource record for the "zone apex", the node of the DNS namespace that is at the top of the "zone". The fields of this SOA resource record, in particular the "serial number", determine whether the actual data transfer need occur at all.

ICMP - DNS testing and DNS zone transfer

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

Nmap and Zenmap tools

It is important to be aware of tools, but depending too much on them will surely lead to problems later. A real pentester never depends entirely on tools and is always looking to create new tools for future use.

Do not rely completely on tools

This video reviews what we have done so far in the course, to make sure we are all on the same page.

What we did so far - Summary
3 pages
Step-by-step pentesting guide by OWASP
20 Lectures 01:43:09

This entire section is dedicated to OWASP. It is easy to understand how tools work, but harder to have a guideline for when to use which tool. This section takes you step by step through analyzing each phase of an application.

What is next to come

There are several different vendors and versions of web servers on the market today. Knowing the type of web server that is being tested significantly helps in the testing process and can also change the course of the test. Please note that it usually takes several different commands to accurately identify the web server, as different versions may react similarly to the same command.

Search Engines, FingerPrint and Metafiles

Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.

Services, source code review and entry points

A Web crawler is an Internet bot that systematically browses the World Wide Web, typically for the purpose of Web indexing. A Web crawler may also be called a Web spider, an ant, an automatic indexer, or (in the FOAF software context) a Web scutter.

Web search engines and some other sites use Web crawling or spidering software to update their web content or indexes of others sites' web content.

Crawlers, Framework detection and Architecture

A filename extension is a suffix (separated from the base filename by a dot or space) to the name of a computer file applied to indicate the encoding (file format) of its contents or usage. Examples of filename extensions are .png, .jpeg, .exe, .dmg and .txt.

Web server configuration and file extension

The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.

HTTP works as a request-response protocol between a client and server.

A web browser may be the client, and an application on a computer that hosts a web site may be the server.

Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.

web server backups, admin page and http request

Identity management (IdM) describes the management of individual principals, their authentication, authorization, and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.

The terms "Identity Management" and "Identity and Access Management" (or IAM) are used interchangeably in the area of identity access management, while identity management itself falls under the umbrella of IT security.

Identity management and role definition in an application

When designing a new application, developers usually create test accounts and later forget to remove them. Make sure that every test account is disabled. Also look for credentials in code comments; often an account's password is lying there.

Test accounts and weak account policy

Credentials in cryptography establish the identity of a party to a communication. Usually they take the form of machine-readable cryptographic keys and/or passwords. Cryptographic credentials may be self-issued, or issued by a trusted third party; in many cases the only criterion for issuance is unambiguous association of the credential with a specific, real individual or other entity.

Testing for credential transport over an encrypted channel

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often result in authentication schemes that can be bypassed by simply skipping the log in page and directly calling an internal page that is supposed to be accessed only after authentication has been performed.

Lockouts, authentication bypass and defaults

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords.

Password cache and password policy

A security question is used as an authenticator by banks, cable companies and wireless providers as an extra security layer. Due to the commonplace nature of social media, many of the older traditional security questions are no longer useful or secure. It is important to remember that a security question is just another password.

Security questions and re-authentication channel

File inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file or more serious events such as:

  1. Code execution on the web server
  2. Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS)
  3. Denial of service (DoS)
  4. Data theft/manipulation

Remote and local file inclusion and directory traversal
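The lecture above lists what an unvalidated include path can lead to. As an added example (not code from the course), here is a small include resolver that rejects the usual ways such input escapes the intended directory: remote URLs, absolute paths, `../` traversal, embedded NUL bytes and unexpected extensions. The directory layout and file names are constructed for the demo.

```python
import os
import tempfile


def resolve_include(base_dir, requested, allowed_ext=(".html", ".txt")):
    """Return the canonical path to include, or None if the request is unsafe.

    base_dir is the only directory pages may be loaded from; requested is the
    untrusted value (e.g. a ?page= parameter). Nothing is read here, only resolved.
    """
    # Remote file inclusion: refuse anything that looks like a URL scheme.
    if "://" in requested:
        return None
    # NUL bytes can truncate the path in lower-level APIs, defeating extension checks.
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses "..", symlinks and redundant separators; an absolute
    # `requested` makes os.path.join discard base, which the prefix check catches.
    candidate = os.path.realpath(os.path.join(base, requested))
    # Local file inclusion / traversal: the canonical path must stay inside base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    # Only serve the document types the include feature is meant for.
    if not candidate.lower().endswith(allowed_ext):
        return None
    return candidate


def demo():
    """Exercise the resolver on constructed requests; returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        pages = os.path.join(tmp, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "about.html"), "w") as fh:
            fh.write("<h1>About</h1>")
        ok = resolve_include(pages, "about.html")
        return {
            "normal": os.path.basename(ok) if ok else None,
            "traversal": resolve_include(pages, "../../../../etc/passwd"),
            "absolute": resolve_include(pages, "/etc/passwd"),
            "remote": resolve_include(pages, "http://example.invalid/evil.txt"),
            "null_byte": resolve_include(pages, "about.html\x00.php"),
            "wrong_ext": resolve_include(pages, "config.php"),
        }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```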

Applications frequently use the actual name or key of an object when generating web pages. Applications don't always verify the user is authorized for the target object. This results in an insecure direct object reference flaw. Testers can easily manipulate parameter values to detect such flaws. Code analysis quickly shows whether authorization is properly verified.

Insecure direct object reference and privilege escalation

In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and then torn down at some later point. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.

Session management and cookie analysis

Most client-server sessions are maintained by the transport layer - a single connection for a single session. However, each transaction phase of a Web/HTTP session creates a separate connection. Maintaining session continuity between phases requires a session ID. The session ID is embedded within the <A HREF> or <FORM> links of dynamic web pages so that it is passed back to the CGI. The CGI then uses the session ID to ensure session continuity between transaction phases. One advantage of one connection per phase is that it works well over low-bandwidth (modem) connections. Deity used a sessionID, screenID and actionID to simplify the design of multiple-phase sessions.

Session fixation and session exposed vulnerabilities

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Cross site request forgery CSRF vulnerability

A login, logon or sign-in refers to the credentials required to obtain access to a computer system or other restricted area. Logging in or on and signing in or on is the process by which individual access to a computer system is controlled by identifying and authenticating the user through the credentials presented by the user.

Once a user has logged in, they can then log out or log off when access is no longer needed. To log out is to close off one's access to a computer system after having previously logged in.

Logout and session timeout test
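The session fixation lecture above describes session IDs carried in links and passed back to the server, and this lecture covers logout and timeout. One added example (not the course's code) serves both: a minimal server-side session store that contrasts a fixation-prone login, which keeps whatever ID arrived with the request, with a hardened login that rotates the ID, and that also enforces an idle timeout and server-side logout. The 15-minute timeout, the store's method names and the injectable clock are assumptions for the demo.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed policy: seconds of inactivity before a session dies


class SessionStore:
    """Server-side session table keyed by an opaque random id (constructed example)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so timeouts can be tested without sleeping

    def _new_id(self):
        # 256 bits from the OS CSPRNG; never derived from anything the client sent.
        return secrets.token_urlsafe(32)

    def create(self):
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def login_fixation_prone(self, sid, user):
        """Weak pattern: authenticates whatever id arrived with the request, even one
        planted through a link, so a pre-known id becomes an authenticated session."""
        self._sessions.setdefault(sid, {"user": None, "last_seen": self._clock()})
        self._sessions[sid]["user"] = user
        return sid

    def login(self, sid, user):
        """Hardened pattern: discard the pre-authentication id and issue a fresh one."""
        self._sessions.pop(sid, None)
        new_sid = self._new_id()
        self._sessions[new_sid] = {"user": user, "last_seen": self._clock()}
        return new_sid

    def user_for(self, sid):
        """Return the authenticated user, or None if unknown, expired or logged out.
        A successful lookup counts as activity and refreshes the idle timer."""
        data = self._sessions.get(sid)
        if data is None:
            return None
        now = self._clock()
        if now - data["last_seen"] > self._idle_timeout:
            del self._sessions[sid]  # expired: drop it so the id cannot be revived
            return None
        data["last_seen"] = now
        return data["user"]

    def logout(self, sid):
        """Invalidate server-side; clearing the cookie alone leaves the id usable."""
        return self._sessions.pop(sid, None) is not None


def demo():
    """Walk through fixation, rotation, idle timeout and logout with a fake clock."""
    now = [1_000_000.0]
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    results = {}

    # Fixation: an id that arrived via a link (e.g. ?sid=...) is already known elsewhere.
    planted = "id-planted-via-link"
    store.login_fixation_prone(planted, "alice")
    results["weak_planted_id_authenticated"] = store.user_for(planted) == "alice"

    pre = store.create()
    post = store.login(pre, "alice")
    results["hardened_rotates_id"] = post != pre
    results["hardened_old_id_dead"] = store.user_for(pre) is None
    results["hardened_new_id_works"] = store.user_for(post) == "alice"

    now[0] += 901  # 901 s of inactivity exceeds the 900 s idle timeout
    results["expired_after_idle"] = store.user_for(post) is None

    sid = store.login(store.create(), "bob")
    store.logout(sid)
    results["logout_invalidates"] = store.user_for(sid) is None
    return results
```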

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Input validation for injection and XSS

This video reviews what we have done so far in the course, to make sure we are all on the same page.

What we did so far - Summary
3 pages
Automation tools for pentesting
5 Lectures 34:19

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshag can be used to scan a web server over HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition, it offers innovative IDS evasion functionality aimed at making correlation between requests more complicated (e.g. using a different random HTTP proxy server per request).

Webshag and Vega for web app pentesting

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

OWASP Zap for automation of testing

WebSploit Advanced MITM Framework

  • Autopwn - Used From Metasploit For Scan and Exploit Target Service
  • wmap - Scan,Crawler Target Used From Metasploit wmap plugin
  • format infector - inject reverse & bind payload into file format
  • phpmyadmin Scanner
  • CloudFlare resolver
  • LFI Bypasser
  • Apache Users Scanner
  • Dir Bruter
  • admin finder
  • MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
  • MITM - Man In The Middle Attack
  • Java Applet Attack
  • MFOD Attack Vector
  • ARP Dos Attack
  • Web Killer Attack
  • Fake Update Attack
  • Fake Access point Attack
  • Wifi Honeypot
  • Wifi Jammer
  • Wifi Dos
  • Wifi Mass De-Authentication Attack
  • Bluetooth POD Attack
WebSploit, wafw00f and w3af tools

In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found. In the worst case, this would involve traversing the entire search space.

No Brute Force

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

Social Engineering Toolkit attacks
Documenting the Pentesting report
3 Lectures 22:11

Security is not at all top priority

Too much v/s Too less

100$-200$ per hour; APP: 2000$-3000$

We will also talk about standards for audit reports

Problems and markups for security report

  1. Approach and meeting
  2. Presentation on the importance of security
  3. Signing the confidentiality statement
  4. <Steps mentioned in the course>
  5. Project review
  6. Rough draft for scanning and vulnerabilities
  7. Review and final draft
  8. Remedies

Steps to write the pentesting documentation report

In this video we will create a formal report. While creating a formal report, we should take care about the format. A detailed format is presented in this video that will help you prepare a good report.

Pentesting Report Format
Web app pentesting project 1
7 Lectures 38:24

In this video we will install a deliberately vulnerable machine for testing purposes. Make sure that you are not connected to the internet while running this machine: since it is vulnerable, any other attacker could get into your system. All resources are available for free.

Setting up project for testing

When password guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because of the time a brute-force search takes.

When key guessing, the key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones.

Brute force with Burp Suite

Arbitrary code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in the term arbitrary code execution vulnerability to describe a software bug that gives an attacker a way to execute arbitrary code. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code, and most exploits therefore inject and execute shellcode to give an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution.

Remote code execution vulnerability

The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have been authenticated. For example, one user, Alice, might be browsing a chat forum where another user, Mallory, has posted a message.

Cross-site request forgery attack

File inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file.

File inclusion vulnerability

With most development platforms, parameterized statements (sometimes called placeholders or bind variables) can be used instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence an SQL injection attempt would simply be treated as a strange (and probably invalid) parameter value.

In many cases, the SQL statement is fixed, and each parameter is a scalar, not a table. The user input is then assigned (bound) to a parameter.
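To make the point above concrete, here is an added example (not from the course) using Python's standard sqlite3 module: a login lookup that splices user input into the statement text, beside the same lookup with bound parameters. The table, accounts and the classic quote-based test input are constructed for the demo; passwords are stored in clear only to keep the query simple.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: input becomes part of the SQL text, so a quote in the input
    ends the string literal and the rest is parsed as SQL."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password):
    """Hardened: the statement is fixed; each ? is bound to a scalar value, so a
    quote inside the input is compared literally and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Constructed test input: closes the password literal and appends an always-true clause.
INJECTION_INPUT = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected password :", login_vulnerable(db, "alice", INJECTION_INPUT))
    print("parameterized, injected password:", login_parameterized(db, "alice", INJECTION_INPUT))
    print("parameterized, real password    :", login_parameterized(db, "alice", "correct horse"))
```

With the spliced query the condition becomes `password = '' OR '1'='1'` and every account matches; the bound version looks for a password that literally equals the injected text and returns nothing.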

SQL injection basics

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.

Shell uploading and defacing
Web app pentesting project 2
1 Lecture 05:31

Let's practice on a more detailed platform than the last one. WebGoat is currently a very broad application for practicing vulnerabilities. You can download the 7zip version of the application; if you want another file type, the installation steps will vary a little.

Installation of WebGoat as a test environment
1 Lecture 01:11

Writing an end to this course is not at all possible. We will be adding more videos to this course on a monthly basis so that you get updates on modern attack vectors.

This quiz asks only simple questions, so that we can check that everyone is on the same track and watching the lectures with full concentration.

Web application general quiz
5 questions
About the Instructor
Igneus Technologies
4.3 Average rating
3,283 Reviews
80,919 Students
35 Courses
Best Comprehensive Courses

We at Igneus have trained students from IITs, NITs and reputed companies. Students from all over the globe, from 10+ countries, have trusted our high-quality and affordable training and have opted for our certification programs.

IGNEUS stands for the revolutionary and quality-enhanced change that we have tried to bring to the modern world of Internet education. We have built it with maximum emphasis on quality in dealing with every new technology, which has distinguished us from the crowd on the internet, and this revolution of choice will continue. Today IGNEUS Technologies proudly carries the tag of being the world's most trusted provider of a myriad of services and training programs, constantly aiding every corner of the globe, along with web security and open source technology.

IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make the society upgraded and aware of the cyber crimes that curb the innocence of environment, thus starting a revolution in favor of cyber security.

Igneus stands for the Revolutionary and a quality enhanced change in every aspect of its touch to internet. Quality dealing with every new technology makes us different from the crowd of internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of mentioned services and training along with web security aspects, and open source technology.