Your Web Pentesting Career Starts Here
Practical Web Application Security and Testing is an entry-level course on web application technologies, security considerations for web application development, and the web application penetration testing process.
We begin with the basics of HTTP, servers, and clients, before moving through the OWASP Top 10 on our way to a full demonstration penetration test. We also cover the reporting process for web application assessments, so you’re prepared not only to conduct security assessments on web applications but also to clearly and effectively communicate your findings.
Who You Are
Aspiring Offensive Security Professionals should familiarize themselves with the design and function of web applications in order to effectively test them. Learning how to identify and exploit web vulnerabilities will broaden your possible career opportunities (and attack paths!).
Aspiring Defensive Security Professionals will better understand how to protect web applications if they understand how they are attacked. Learning these concepts, techniques, and approaches will prepare defenders to discuss server and application defense with developers and system administrators.
Web Application Developers will benefit from building their security muscle by seeing their code through the attackers’ eyes. Even if security is not your main job, keeping it in mind during development will benefit you, your team, and your users.
Prerequisites
- Some familiarity with the Linux command line.
Computer Requirements
- A computer capable of running a hypervisor; setup instructions are provided for Hyper-V and VirtualBox
- At least 16 GB of RAM
- At least 50 GB of storage space
Example Curriculum
- 4-1: OWASP Overview
- 4-2: Broken Access Control
- 4-3: Cryptographic Failures
- 4-4: Injection - XSS
- 4-5: Injection - SQLI
- 4-6: Injection - Command Injection
- 4-7: Insecure Design
- 4-8: Security Misconfiguration
- 4-9: Vulnerable and Outdated Components
- 4-10: Identification and Authentication Failures
- 4-11: Software and Data Integrity Failures
- 4-12: Security Logging and Monitoring Failures
- 4-13: Server-Side Request Forgery
- 4-14: Extra Practice