
The Complete Practical Web Application Penetration Testing

Learn How to Uncover Web Application Vulnerabilities
Rating: 5.0 out of 5 (1 rating)
10 students
Created by Motasem Hamdan
Last updated 1/2022
English
English [Auto]

What you'll learn

  • OWASP TOP 10.
  • Understand Web Application Vulnerabilities.
  • Demonstrate Practical Ability To Discover and Detect Web Application Vulnerabilities.
  • Demonstrate Practical Ability To Exploit Web Application Vulnerabilities.

Requirements

  • Basic knowledge about the web.
  • No programming is needed.

Description

Welcome to this complete course about web application penetration testing. The course doesn't require any prior knowledge of testing web applications for security vulnerabilities, nor does it require any level of coding knowledge, although it's preferred.

This course covers web application vulnerabilities in a practical fashion using practical labs designed for demonstrations. The course contains a theoretical part to explain the concepts and a practical part for demonstration. The theoretical part of the course is also packed into a downloadable PDF file.

You will learn everything by doing and the course shows practical demonstrations on vulnerable systems designed for practicing your skills in web application penetration testing.

At the end of this course learners should achieve the below objectives:


· Understand Web application penetration testing methodology

· Understand the concepts of web application vulnerabilities

· Be able to conduct manual testing of web application vulnerabilities

The course is divided to cover the 10 most common web application vulnerabilities covered in the OWASP Top 10 list as of 2022.

1- Injection vulnerabilities: Injection vulnerabilities are very common in today's websites. In this section you will get to understand what causes an injection vulnerability and be able to uncover its existence by looking through and testing the right parts in any web application. In injection vulnerabilities we cover the below categories:

· SQL Injection: The most common vulnerability against databases. You will learn the different types of SQL injection vulnerabilities, in addition to the ability to test for and uncover a SQL injection by performing practical exercises against vulnerable pages.

· SQLmap: After you have learned how to manually test for SQL injection, here you will learn how to automate your testing using one of the most popular tools used in SQL injection.

· Command Injection: Command injection is one of the most dangerous web application vulnerabilities, as it allows for complete takeover of the system. In this section, you will learn how to spot a command injection vulnerability and how to perform a proof of concept.

2- Broken Access Control: This vulnerability also comes in the OWASP Top 10 list as of 2022. We will cover how to reveal weak areas in a website that would allow unrestricted access to sensitive resources.

3- Broken Authentication: This section will teach you how to bypass authentication methods such as login forms.

4- JSON Web Tokens: JWTs are not considered a web application vulnerability but rather a kind of cookie used for authorization. In this section we will go through the mechanisms of testing and exploiting these tokens.

5- Sensitive Data Exposure: This section will reveal techniques that are used to see if a website has security measures against data leaks.

6- SSRF aka Server Side Request Forgery: One of the recently added vulnerabilities to the OWASP Top 10 list. You will learn how to use it to make a website reveal sensitive resources and load internal running services.

7- SSTI aka Server Side Template Injection: Not commonly talked about, but this section explains how such a vulnerability may lead to devastating outcomes such as command injection and full system takeover.

8- XSS aka Cross Site Scripting: A very well-known and popular web application vulnerability. In this section we will practically explain Stored, Reflected and DOM-based XSS.

9- XXE aka XML External Entity Injection: A vulnerability that occurs as a result of poor XML implementation. We will explain how XML works and see different techniques to exploit XXE.

10- CSRF aka Cross Site Request Forgery: A very popular vulnerability that, when exploited, allows for unauthenticated actions against users. We will learn practically how to perform and set up a testing environment to uncover CSRF.


Who this course is for:

  • Anyone who wants to gain hands-on skills testing for web application security vulnerabilities
  • Junior Penetration Testers

Instructor

Motasem Hamdan
Engineer and Entrepreneur
  • 5.0 Instructor Rating
  • 1 Review
  • 10 Students
  • 1 Course

Professionally speaking, I have been working in the Cyber Security field for six straight years ranging from full time to consultation services. I helped clients mainly in the healthcare industry and its business associates with security consultation, penetration testing, vulnerability management, and security training.

Confusingly, throughout the past eight years, I also worked in search engine optimization and Google AdWords. I still provide freelance consultation to existing clients I am currently working with. Having to be up to date with many field areas is something difficult and time-consuming but if the ability to consolidate them together isn’t impossible especially if you have already learned it you can’t help but use it.

© 2022 Udemy, Inc.