Web Hacking: Become a Professional Web Pentester
0.0 (0 ratings)
24 students enrolled
Learn everything you need to execute web application security assessments.
Created by Geri Revay
Last updated 9/2017
  • 8 hours on-demand video
  • 2 Articles
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • understand web security problems and how to fix them
  • find security vulnerabilities in web applications
  • start working as a penetration tester for web applications
  • Students need to have IT background.
  • Virtual machines are used in the course, so a user-level understanding of VMware or VirtualBox is needed.

This course contains everything you need to start working as a web pentester. You will learn about exploitation techniques, tools, methodologies, and the whole process of security assessments. It is absolutely hands-on: you will do all the attacks in your own pentest environment using the provided applications. The targets are real open-source software. You will have to work hard, but at the end you will be able to do web security assessments on your own.

Who is the target audience?
  • Developers who want to secure their web applications.
  • People who want to become penetration testers.
  • Penetration testers who want to extend their portfolio to web applications.
  • Anybody who works in IT or studies it and is interested in web hacking.
Curriculum For This Course
52 Lectures
Warm up
3 Lectures 09:58

Introduction to the course.

Preview 03:33

Computer hacking is a sensitive topic, so there is nothing without a disclaimer.

Everything in this course is my private opinion and product. My employer has no connection to it.

Preview 01:34

Introduction to the methodology of security assessments and what is covered by this course.

Preview 04:51
Environment setup
5 Lectures 34:16

Introduces the contents of this section.

Preview 01:25

Download all the resources for the rest of the course.

Download resources

We will set up the target server, which we will attack in the following sections.

Preview 08:56

We will install Kali Linux, which we will use throughout the course.

Setting up Kali

We will install the newest Burp Suite in our Kali.

Setting up the Burp Suite
Web 101
6 Lectures 01:22:39

You will learn about the HTTP protocol, which is at the core of the web. You will be able to understand HTTP communication.

How HTTP works

Starting from the basics of web sites you will learn how HTML works.

Static HTML

We will write a simple PHP page to understand how that and similar technologies work.

PHP and friends

We will write a simple MVC application in Python with Django to get a general understanding of modern web frameworks.

Preview 30:00

We will write some JavaScript to understand its concepts.

Application discovery
2 Lectures 28:37

How to map the application manually.

Manual discovery

We will learn about tools that can help you in the discovery process.

Automated discovery
Attacking session management
6 Lectures 01:01:47

Introduction to how session management works in web applications.

Preview 13:32

You will learn about session fixation vulnerabilities and how to exploit them.

Session fixation

You will learn about why logout is critical in session management.

Weak logout

You will learn about the Same Origin Policy, which is one of the most important security measures of browsers. Understanding how it works is necessary to be able to attack it.

Same origin policy

Cross-site request forgery is one of the most important vulnerabilities in web applications. You will learn everything you need to know about it in this lecture.

Preview 19:58

You will learn what to recommend to your customers when they suffer from session management problems.

Securing the session
Attacking authentication
8 Lectures 56:19

The cornerstone of today's encryption is SSL/TLS; we will learn everything you need to know about it.


We are going to try some authentication bypass attacks.

Authentication bypass

Getting access to the application in the simplest way, which surprisingly works.

Unauthenticated URL access

We need to talk about password quality because it is still a problem.

Password quality

You will learn how to do password brute force attacks against web applications.

Preview 08:01

Defaults have always been the attacker's friend; you will learn why.

Default accounts

There are various ways to recover passwords. Not all of them are secure. You will see here why.

Weak password recovery

We will learn how to prevent authentication problems.

Attacking authorization
4 Lectures 16:55

A typical error is to find a feature where authorization is not implemented correctly.

Preview 04:53

Trusting the client side is always a problem. We will learn how to exploit this trust in web applications.

Manipulating variables

Again, never trust the client, especially with authentication.

Client side authentication

We will learn how to prevent authorization problems.

Attacking the client
6 Lectures 01:06:06

The silver bullet of web applications. In this lecture you will learn how to exploit reflected cross-site scripting vulnerabilities.

Preview 18:00

The golden bullet (if there is such a thing) of web applications.

Stored XSS

We will learn how HTTP headers can be used in attacks.

HTTP header injection

Redirects are innocent, right? We will learn here why they aren't.

Malicious URL redirection

Various attacks are possible if the content type is wrong. We will experiment with these.

Exploiting wrong content-type

Fortunately for the world there are new security protections against various attacks. We will learn about some of them in this lecture.

Server side injections
8 Lectures 01:43:03

File upload is always interesting. Many things can go wrong, which we will learn how to exploit.

Malicious file upload

Local and Remote File Inclusion can give you code execution on the server. We will learn how.


Applications sometimes allow code execution in the OS if we can find it. We will find it.

OS command injection

This vulnerability has existed for decades and it doesn't want to go away. We will learn how it works and how to exploit it.

Preview 17:51

UNION Select is a special case of SQL injection which can be really useful when extracting data.

UNION Select Attack

Exploiting blind SQL injection vulnerabilities is difficult, but we will learn how to do it.

Blind SQL injection

SQL injections can be time consuming. We will learn how to save some time using tools and automation.

Automating SQLi testing

The rest
4 Lectures 17:43

A quality report is very important if you are doing this professionally. I will give you some tips about how to make a good report.


In this lecture we will learn about how to use my checklist in security assessments.

Preview 04:33

Checklist download

We will talk about what you should do after this course.

What's next
About the Instructor
Geri Revay
4.3 Average rating
934 Reviews
25,165 Students
2 Courses
Penetration Tester/ Ethical Hacker

I hack stuff for fun and profit, at the moment at Siemens AG in Germany. I was also an external consultant for various companies in insurance, banking, telco, or even car production. When I have some free time I also talk at conferences.

Here at Udemy my goal is to put my knowledge and experience in a form that is useful for others, to save you the time I spent acquiring all this knowledge from different sources.