Web Penetration Tester - Jump Up A Level In Your Career
4.1 (45 ratings)
1,187 students enrolled

You will learn hacking tools, methodologies and techniques. This is both a practical and theoretical step-by-step course.
Created by Gabriel Avramescu
Last updated 8/2015
  • 2 hours on-demand video
  • 8 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand and perform the basic steps required to carry out a penetration test of a web application
  • Understand web application security principles and potential dangers
  • Be able to gather information about your target
  • You will learn how to find vulnerabilities in your target web application
  • Exploit found vulnerabilities and get control over remote servers
  • Understand the penetration testing process
  • As a web application developer you will understand how to secure your application
Requirements
  • Basic IT skills
  • Basic knowledge of Linux and/or Windows
  • Understand basic computer networking

Learn now how to build your $120 000/year career as an Ethical Hacker!

A job that can be done from home, coffee shop or remote island!

In order to protect yourself from hackers, you must think like one.

This training is based on a practical approach to day-to-day situations and it contains labs based on real environments.

The course objective is to help you master the (ethical) hacking techniques and methodology used in penetration testing. The course is designed for IT enthusiasts, network and system engineers, and security officers.

Below are the main topics, both theoretical and practical, of this course:

  • Core problems (Causes, Defences)
  • Web Technologies (HTTP Protocol, Web Functionality, Encoding)
  • Mapping (Spidering and Analysing)
  • Attacking Authentication (Technologies, Flaws, Fixes, Brute Force)
  • Attacking Session Management (State, Tokens, Flaws)
  • Attacking Access Controls (Common Vulnerabilities, Attacks)
  • Attacking Data Stores (SQL Injection, Bypassing Filters, Escalation)
  • Bypassing Client-Side Controls (Browser Interception, HTML interception, Fixes)
  • Attacking the server (OS command Injection, Path Traversal, Mail Injection, File Upload)
  • Attacking Application Logic
  • Cross Site Scripting
  • Attacking Users (CSRF, ClickJacking, HTML Injection)


  • Spidering, Website Analyser
  • Brute-Force
  • Session Hijacking via Man-in-the-Middle
  • Get Gmail or Facebook Passwords via SSLStrip
  • SQL Injection
  • Upload File and Remote Execution
  • Cross-Site Scripting (Stored + Reflected, Cookie Stealing, Preventing XSS)
  • CSRF (Change password through a CSRF vulnerability, Preventing CSRF)
Who is the target audience?
  • Web developers
  • Anyone who wants to learn the ethical hacking and penetration testing process
  • IT students and/or enthusiasts
  • Anyone who wants to start or develop a career in the IT security field or as an "ethical hacker"
Curriculum For This Course
22 Lectures
Why Web Security?
4 Lectures 17:18

About myself and this course

Preview 01:14

This video presents why web application security is so important and how web applications developed over the years.

Core Problems - Why Web Security

You will familiarise yourself with web technologies. It is important to have a good foundation before going forward.

Web Technologies
30 pages

You will be guided through the steps required to install the tools and services needed to create a testing lab.

Preparing the Lab Environment
Mapping the Web Application. User and Password Brute-Forcing
4 Lectures 30:59

Understand the process and the need of mapping a web application.

What Web Application Mapping Means
16 pages

Learn how to use Burp to brute-force usernames and passwords within your testing environment.

Usernames and Passwords Brute-Forcing using Burp

A demo showing how to discover a web application's resources.

Spider and Analyze a Website using Burp

A demo showing how to discover a web application's resources, including those that are not linked within the website.

Brute-forcing Web Resources using Dirb and Dirbuster
Attacking Authentication and Session Management - Session Hijacking
3 Lectures 20:01

A good overview of how authentication and session management work.

Theoretical Overview of Attacking Authentication and Session Management
33 pages

Perform a man-in-the-middle attack and capture authentication details of a computer on the same LAN. Test it in the lab environment.

Session Hijacking through Man In The Middle Attack

Intercept and analyze HTTPS (encrypted) traffic.

Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords
Access controls. Data stores and Client-side Controls
4 Lectures 29:59

Understand access controls and data stores, and learn what client-side attacks imply.

Theoretical Approach of Attacking Access Controls
37 pages

Perform an SQL injection attack to get data from the database.

SQL injection

Perform SQLi using an automated tool and get a remote shell through an SQLi vulnerability.

Preview 10:07

Present problems related to file upload and show how an attacker can get control over the server through a file upload combined with a remote file inclusion.

Upload and Remote File Execution
Attacking the Server and Application Logic
2 Lectures 00:00
Attacking the server: OS Command injection, Path Traversal and Mail Injection
25 pages

Attacking Application Logic
11 pages
(XSS) Cross Site Scripting. Attacking the Users
4 Lectures 24:47

Understand Cross Site Scripting and how it affects users.

Cross Site Scripting Theory. Attacking Users
33 pages

A real example of how users are affected by XSS.

Reflected XSS – Session Hijacking using Cross Site Scripting

Understand the difference between Reflected and Stored XSS through examples.

Stored or Persistent Cross Site Scripting

Change a user's password by exploiting a CSRF vulnerability.

Preview 07:19
Guideline for Discovering and Improving Application Security
1 Lecture 00:00

See the whole Penetration Testing process summarised, from the beginning to the end.

Guideline for Discovering and Improving Application Security
26 pages
About the Instructor
Gabriel Avramescu
3.9 Average rating
354 Reviews
5,241 Students
8 Courses
Senior Information Security Consultant, IT Trainer

Senior Information Security Consultant

I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary. Act as an effective participant in multidisciplinary security project team.

- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking). Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Security lab fixed and virtual assets design for different LAN / WAN architectures
- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications

IT Trainer

- Trainer for Web Application Hacking and Network Infrastructure Hacking
- Training students for CCNA and CCNA Security Certification
- Training NDG Linux Basics
- Legal Main Contact
- Curriculum Leader



- CREST CRT (Registered Penetration Tester)

- ISO 270001 Lead Auditor

- ECSA (EC-Council Certified Professional)

- CEH (Certified Ethical Hacker)

- CEI (Certified EC-Council Instructor)

- VMWare vSphere Install, Configure, Manage

- CCNA and CCNA Security

- CCNP Routing and CCNP Switching

- Advanced Linux&InfoSEC

- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.