Web App Pentesting Online Course

Web App Pentesting Online Course

This course introduces the core elements of web application infrastructure, covering URLs, HTTP methods, APIs, CMS, and databases before diving into web vulnerabilities and exploitation techniques. You’ll gain hands-on experience using tools like Burp Suite and OWASP ZAP while learning to identify and exploit issues such as SQL Injection, XSS, and CSRF. Advanced topics like JWT attacks, IDOR, and SSRF round out the training, ensuring you develop strong practical skills in web app pentesting and are well-prepared for real-world security challenges.

Who should take this course?

This course is ideal for network engineers, system administrators, and IT professionals who want to automate networking tasks using Python. It’s also valuable for those seeking to enhance their skills in scripting, configuration management, and network troubleshooting.

What you will learn

• Conduct vulnerability scans with Nikto and Burp Suite
• Execute directory fuzzing with Feroxbuster
• Detect and exploit SQL injections using SQL Map
• Uncover and mitigate XSS vulnerabilities
• Safeguard against CSRF and SSRF threats
• Implement JWT attack strategies for security

Course Outline

Web Basics

• Overview
• URLs
• HTTP Methods
• Web App Infrastructure
• Web APIs
• Content Management Systems
• Databases

Common Tools

• Web Browser
• Burp Suite
• OWASP ZAP
• Sublist3r
• Nikto
• Feroxbuster
• Cewl
• WPScan
• SQLMap
• FFuF

Information Gathering and Recon

• Manual Inspection
• Vulnerability Scanning
• Directory Fuzzing

Attacks

• Reflected XSS
• Persistent XSS
• DOM-Based XSS
• Error-Based SQLi
• Blind-Based SQLi
• Session Hijacking
• Command Injection
• File Inclusion
• CSRF
• SSRF
• JWT Attack
• IDOR
• Security Misconfigurations