Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Practical Web Application Penetration Testing (WAPT)
Rating: 4.6 out of 5(111 ratings)
612 students

Practical Web Application Penetration Testing (WAPT)

Learn how to find, exploit and explain 40+ security issues in Web Applications.
Last updated 9/2025
English

What you'll learn

  • Software Security Fundamentals
  • How to approach the security testing of a web application
  • How to document security issues through Proof of Concepts (PoC)
  • How to reason about risk and threats associated to security issues
  • How to use Burp Suite to perform a web penetration test

Course content

13 sections112 lectures19h 22m total length
  • whoami4:14

    Learn practical web application penetration testing from an industry-ready perspective for web developers and junior testers, exploring vulnerabilities, root causes, exploitation, and mitigation while building secure coding and testing skills.

  • Learning objectives7:01
  • Required knowledge2:26
  • Course contents2:45

    Engage in hands-on web application security testing by deploying a secure bank app with Docker, using Burp Suite to examine injections, authentication, authorization, and data validation.

Requirements

  • Basic linux knowledge
  • Basic HTTP knowledge

Description

This course has been developed with a clear objective: show in practice what it means to perform a Web Application Penetration Test (WAPT), exactly as it would happen with a real client in a typical week of work. This approach will allow you to quickly reach the experience level of a junior penetration tester.


Consider these questions:

  • Are you interested in working in the security industry?

  • Do you want to learn how to test the security of a Web Application?

  • Do you like hands-on, practice-based learning?


If you answered yes to these questions, then this course is for you.


In this course, we will show how to test the security of Secure Bank, a home banking application designed as a training ground for penetration testers and web developers. During the test we will find 40+ security issues belonging to the following  categories:


- Information Disclosure

- Injection Vulnerabilities

- Authentication

- Authorization

- Session Management

- Business Logic Vulnerabilities

- Data Validation Vulnerabilities

- Cryptography

- Insecure Configuration


For each security issue we will show how to find the vulnerable behavior, how to exploit it and finally how to explain it using written Proof of Concepts (PoCs) to the final client. At the end of the course you will see 40 different PoCs for 40 different vulnerabilities. This should give you a very good intuition on WAPT testing, something that will help you to get started in the industry or to simply refine your skills in case you need to.

Who this course is for:

  • Cybersecurity enthusiasts curious about Web Security Testing
  • People interested in working in the security industry as Web Penetration Testers
  • People interested about security in general