HomeCoursesWeb Application Penetration Testing

4.4

Intermediate

16h

Web Application Penetration Testing

Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.

Join 2.7 million developers at

Overview

Content

Reviews

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

This course is intended for people interested in information security—particularly in the penetration testing of various website...Show More

WHAT YOU'LL LEARN

Working knowledge of finding and exploiting vulnerabilities in a web application

The ability to scan and assess a web application

Hands-on experience in identifying risks with penetration testing tools

Mastery of protecting web applications by applying solid mitigation strategies

Working knowledge of finding and exploiting vulnerabilities in a web application

TAKEAWAY SKILLS

Python Programming

HTTP Protocol and Web API

Interactive Real-time Web Applications

Content

62 Lessons11 Quizzes

Introduction to the Course

1 Lessons

Get familiar with web app security, vulnerability assessment, and ethical penetration testing principles.

Getting Started

Introduction to Linux

10 Lessons

Get started with essential Linux commands, file systems, text manipulation, Git, software, permissions, Bash, logging, and kernel management.

Linux Commands

Linux File System

Text Manipulation

Git and Git Version Control

Software Management

Permissions and Process Management

Bash Scripting

System Logging

Linux Kernel and Loadable Modules

Quiz Yourself on Basic Linux Commands

Introduction to Python

5 Lessons

Explore the essentials of Python basics, variables, functions, control flow, and scripting.

Python Basics

Variables, Functions, and Lists

Control Flow

Python Scripting

Quiz Yourself on Python Basics

Web and Server Technology

6 Lessons

Break down the steps to understanding HTTP/S, Apache, web encoding, cookies, and proxies.

HTTP/S Protocol Basics

Running a Web Server with Apache

Web Encoding

Proxies

Quiz Yourself on Web and Server Technology

Network Management and Analysis

5 Lessons

Understand network management, modify network details, and analyze traffic using essential tools.

Network Analysis Using ifconfig and iwconfig

Modification of Network Information

Modification of Domain Name System

Wireshark

Quiz Yourself on Network Management and Analysis

Open-Source Intelligence

5 Lessons

Focus on OSINT techniques, web fingerprinting, Google hacking, and Shodan for gathering information.

Gathering Information on a Target

Web Fingerprinting Infrastructure

Google Hacking

Shodan

Quiz Yourself on Open-Source Intelligence

Cross-Site Scripting

4 Lessons

Master protecting web applications from XSS attacks through understanding, exploiting, and mitigating techniques.

Cross-Site Scripting Basics

XSS Exploitation

Mitigation of XSS

Quiz Yourself on Cross-Site Scripting

SQL Injection

4 Lessons

Break down SQL injection techniques, detection tools, exploitation methods, and mitigation strategies.

Introduction to SQL Injection

Automatically Finding SQL Injections

Exploiting and Mitigating SQL Injections

Quiz Yourself on SQL injection

Authentication and Authorization

5 Lessons

Unpack the core of authentication and authorization concepts, vulnerabilities, exploitation, and mitigation strategies.

Fundamentals of Authentication and Authorization

Common Vulnerabilities

Bypassing Authentication and Authorization

Mitigation Strategies

Quiz Yourself on Authentication and Authorization

10.

Cross-Site Request Forgery

4 Lessons

Go hands-on with discovering, exploiting, and mitigating Cross-Site Request Forgery vulnerabilities.

Cross-Site Request Forgery

Exploiting and Finding CSRF Vulnerabilities

Mitigation of Cross-Site Request Forgery

Quiz Yourself on Cross-Site Request Forgery

11.

Social Engineering Attacks

6 Lessons

Build a foundation in social engineering tactics, tools, and mitigation strategies.

Social Engineering

Social-Engineer Toolkit (SET)

Man-in-the-Middle (MITM) Attacks

A Deeper Look at Phishing

Mitigation of Social Engineering

Quiz Yourself on Social Engineering

12.

Broader Security Concepts

6 Lessons

Explore broader security concepts, including privacy, DoS attacks, auditing, and Security Operations Centers.

Security, Anonymity, and Privacy

Denial-of-Service

Auditing Web Services

Auditing Strategies

Security Operations Center (SOC)

Quiz Yourself on Broader Security Concepts

13.

Wrapping Up

1 Lessons

Focus on challenges, persistence, and skills growth in web application penetration testing.

Conclusion

Certificate of Completion

Showcase your accomplishment by sharing your certificate of completion.

Course Author:

OCHIENG' BOSTONE

Developed by MAANG Engineers

Every Educative resource is designed by our team of ex-MAANG software engineers and PhD computer science educators — subject matter experts who’ve shipped production code at scale and taught the theory behind it. The goal is to get you hands-on with the skills you need to stay ahead in today's constantly evolving tech landscape. No videos, no fluff — just interactive, project-based learning with personalized feedback that adapts to your goals and experience.

Trusted by 2.7 million developers working at companies

"These are high-quality courses. Trust me. I own around 10 and the price is worth it for the content quality. EducativeInc came at the right time in my career. I'm understanding topics better than with any book or online video tutorial I've done. Truly made for developers. Thanks"

Anthony Walker

@_webarchitect_

"Just finished my first full #ML course: Machine learning for Software Engineers from Educative, Inc. ... Highly recommend!"

Evan Dunbar

ML Engineer

"You guys are the gold standard of crash-courses... Narrow enough that it doesn't need years of study or a full blown book to get the gist, but broad enough that an afternoon of Googling doesn't cut it."

Software Developer

Carlos Matias La Borde

"I spend my days and nights on Educative. It is indispensable. It is such a unique and reader-friendly site"

Souvik Kundu

Front-end Developer

"Your courses are simply awesome, the depth they go into and the breadth of coverage is so good that I don't have to refer to 10 different websites looking for interview topics and content."

Vinay Krishnaiah

Software Developer

Hands-on Learning Powered by AI

See how Educative uses AI to make your learning more immersive than ever before.

Personalized Interview Prep

Skip the LeetCode grind with a custom roadmap that adapts to your goals. Hands-on practice for Coding Interviews, System Design, and more.

Mock Interviews

Test your skills in a simulated interview setting. Receive personalized feedback based on your performance. Available for Coding Interviews, System Design, and more.

AI Prompt

Build prompt engineering skills. Practice implementing AI-informed solutions.

Code Feedback

Evaluate and debug your code with the click of a button. Get real-time feedback on test cases, including time and space complexity of your solutions.

Explain with AI

Select any text within any Educative course, and get an instant explanation — without ever leaving your browser.

AI Code Mentor

AI Code Mentor helps you quickly identify errors in your code, learn from your mistakes, and nudge you in the right direction — just like a 1:1 tutor!

Course

Web Application Security for the Everyday Software Engineer

Gain insights into enforcing web app security best practices, such as HTTPS, defending against XSS and clickjacking, managing HTTP cookies, and warding off DDoS attacks.

4 h

intermediate

Course

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

5 h

intermediate

Course

Oauth2 with Spring Security

Gain insights into Oauth2 and Spring Security, learn about various grant types, and practice hands-on exercises to configure robust authentication systems effectively.

1 h 30 m

advanced

Course

Cyber Security Best Practices for Developers

Gain insights into cyber security fundamentals, explore common threats, discover protection mechanisms like firewalls, learn monitoring and response strategies, and develop secure systems as a developer.

4 h

beginner

Course

Web Application Security: Understanding HTTP Security Headers

Gain insights into HTTP security headers, learn their risks, explore solutions, and discover how to implement them using Helmet for enhanced web application security.

1 h 10 m

beginner

Course

JakartaEE Security Workshop

Explore Java Enterprise security, focusing on authentication, authorization, and information security. Gain insights into encoding, encryption, and hashing. Discover OAuth2 and OpenID Connect integration techniques.

9 h

beginner

Course

Web Application Security for the Everyday Software Engineer

intermediate

4 hour

Course

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

intermediate

5 hour

Course

Oauth2 with Spring Security