Web Penetration Tester - Jump Up A Level In Your Career

You will learn hacking tools, methodologies and techniques. This is both a practical and theoretical step-by-step course.
4.4 (38 ratings)
1,090 students enrolled
  • Lectures 22
  • Length 5.5 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 8/2015 English

Course Description

Learn now how to build your $120 000/year career as an Ethical Hacker!

A job that can be done from home, coffee shop or remote island!

In order to protect yourself from hackers, you must think like one.

This training is based on a practical approach to day-to-day situations and contains labs based on real environments.

The course objective is to help you master the (ethical) hacking techniques and methodology used in penetration testing. The course is designed for IT enthusiasts, network and system engineers, and security officers.

Below are the main topics, both theoretical and practical, of this course:

  • Core problems (Causes, Defences)
  • Web Technologies (HTTP Protocol, Web Functionality, Encoding)
  • Mapping (Spidering and Analysing)
  • Attacking Authentication (Technologies, Flaws, Fixes, Brute Force)
  • Attacking Session Management (State, Tokens, Flaws)
  • Attacking Access Controls (Common Vulnerabilities, Attacks)
  • Attacking Data Stores (SQL Injection, Bypassing Filters, Escalation)
  • Bypassing Client-Side Controls (Browser Interception, HTML interception, Fixes)
  • Attacking the server (OS command Injection, Path Traversal, Mail Injection, File Upload)
  • Attacking Application Logic
  • Cross Site Scripting
  • Attacking Users (CSRF, ClickJacking, HTML Injection)


  • Spidering, Website Analyser
  • Brute-Force
  • Session Hijacking via Man-in-the-Middle
  • Get Gmail or Facebook Passwords via SSLStrip
  • SQL Injection
  • Upload File and Remote Execution
  • Cross-Site Scripting (Stored + Reflected, Cookie Stealing, Preventing XSS)
  • CSRF (Change password through CSRF vuln., Preventing CSRF)

What are the requirements?

  • Basic IT skills
  • Basic knowledge of Linux and/or Windows
  • Understand basic computer networking

What am I going to get from this course?

  • Understand and perform the basic steps in order to perform a penetration test of a web application
  • Understand web application's security principles and potential dangers
  • Be able to gather information about your target
  • You will learn how to find vulnerabilities in your target web application
  • Exploit found vulnerabilities and get control over remote servers
  • Understand the penetration testing process
  • As a web application developer you will understand how to secure your application

Who is the target audience?

  • Web developers
  • Anyone who wants to learn the ethical hacking and penetration testing process
  • IT students and/or enthusiasts
  • Anyone who wants to start or develop a career in the IT security field or as an "ethical hacker"


Section 1: Why Web Security?

About myself and this course


This video explains why web application security is so important and how web applications have developed over the years.

30 pages

You will familiarise yourself with web technologies. It is important to have a good foundation before going forward.


You will be guided through the steps required to install the tools and services needed to create a testing lab.

Section 2: Mapping the Web Application. User and Password Brute-Forcing
16 pages

Understand the process of mapping a web application and why it is needed.


Learn how to use Burp to brute-force usernames and passwords within your testing environment.


A demo showing how to discover a web application's resources.


A demo showing how to discover a web application's resources, including those that are not linked within the website.

Section 3: Attacking Authentication and Session Management - Session Hijacking
33 pages

A good overview of how authentication and session management work.


Perform a man-in-the-middle attack and capture authentication details of a computer on the same LAN. Test it in the lab environment.


Intercept and analyze HTTPS (encrypted) traffic.

Section 4: Access controls. Data stores and Client-side Controls
37 pages

Understand access controls and data stores, and learn what client-side attacks imply.


Perform an SQL injection attack to get data from the database.


Perform SQLi using an automated tool and get a remote shell through an SQLi vulnerability.


Present problems related to file upload and show how an attacker can get control over the server through a file upload combined with a remote file inclusion.

Section 5: Attacking the Server and Application Logic
Attacking the server: OS Command injection, Path Traversal and Mail Injection
25 pages
Attacking Application Logic
11 pages
Section 6: (XSS) Cross Site Scripting. Attacking the Users
33 pages

Understand Cross-Site Scripting and how it affects users.


A real example of how users are affected by XSS.


Understand the difference between Reflected and Stored XSS through examples.


Change a user's password by exploiting a CSRF vulnerability.

Section 7: Guideline for Discovering and Improving Application Security
26 pages

See the whole Penetration Testing process summarised, from the beginning to the end.

Instructor Biography

Gabriel Avramescu, Senior Information Security Consultant, IT Trainer

Senior Information Security Consultant

I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary. Act as an effective participant in multidisciplinary security project team.

- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking). Make recommendations on security weaknesses and report on activities and findings.

- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)

- Security lab fixed and virtual assets design for different LAN / WAN architectures

- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment

- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)

- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures

- Assist with the development of remediation services for identified findings

- Customize, operate, audit, and maintain security related tools and applications

IT Trainer

- Trainer for Web Application Hacking and Network Infrastructure Hacking

- Training students for CCNA and CCNA Security Certification

- Training NDG Linux Basics

- Legal Main Contact

- Curriculum Leader



- CREST CRT (Registered Penetration Tester)

- ISO 270001 Lead Auditor

- ECSA (EC-Council Certified Professional)

- CEH (Certified Ethical Hacker)

- CEI (Certified EC-Council Instructor)

- VMWare vSphere Install, Configure, Manage

- CCNA and CCNA Security

- CCNP Routing and CCNP Switching

- Advanced Linux&InfoSEC

- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.
