Penetration Testing

Web Application Penetration Testing

Master offensive web security from recon to exploitation. OWASP Top 10, Burp Suite, SQLi, XSS, and beyond.

2 Sections
3 Modules
8 Lessons

About This Course

This course takes you deep into the world of offensive web security. Starting from a solid foundation of HTTP and web architecture, you'll progress through every major vulnerability class used by real-world attackers. By the end of this course, you'll be able to conduct full-scope web application assessments, write professional reports, and chain vulnerabilities for maximum impact. Topics include: OWASP Top 10, Burp Suite Pro mastery, SQL injection (manual + automated), Cross-Site Scripting, SSRF, XXE, IDOR, JWT attacks, authentication bypass, and more.

Course Curriculum

1
Environment setup, HTTP fundamentals, and recon methodology.

Module 1: Lab Setup & Tooling

Kali Linux, Burp Suite, and target configuration.

3 lessons
1
Installing Burp Suite Pro
Jan 10, 2024 Video
Download, configure, and license Burp Suite Professional. Set up browser proxy, CA certificate, and target scope.
2
Configuring OWASP WebGoat
Jan 12, 2024 Video
Deploy and configure WebGoat as our primary practice target. Understanding Docker-based lab setup.
3
HTTP Request/Response Deep Dive
Jan 15, 2024
Dissecting HTTP headers, methods, status codes, cookies, and how web applications communicate.
2
Systematic coverage of the most critical web application vulnerabilities.

Module 2: SQL Injection

From basic error-based to blind and time-based injection.

3 lessons
1
Introduction to SQL Injection
Jan 20, 2024 Video
What is SQL injection, why it exists, and how databases interpret malicious input.
2
Manual UNION-Based Extraction
Jan 22, 2024 Video
Column enumeration, database fingerprinting, and data extraction using UNION SELECT statements.
3
Blind SQLi: Boolean & Time-Based
Jan 25, 2024
When error messages are suppressed — extracting data character by character using conditional responses.

Module 3: Cross-Site Scripting (XSS)

Reflected, stored, and DOM-based XSS with real exploitation scenarios.

2 lessons
1
Reflected XSS Fundamentals
Feb 01, 2024 Video
Understanding the browser's DOM, how scripts execute, and building your first reflected XSS payload.
2
Stored XSS & Impact Escalation
Feb 05, 2024
Persistent injection points, session hijacking, credential harvesting, and BeEF framework usage.