Web Application Penetration Testing (W71)


6 items sold

This course will cover the OWASP TOP 10 vulnerabilities as well as other critical Web Application weaknesses. You don’t need previous experience in penetration testing.

In stock

Get the access to all our courses via Subscription


This course will cover the OWASP TOP 10 vulnerabilities as well as other critical Web Application weaknesses. You don't need previous experience in penetration testing.

After completing this training, you will be a web application penetration tester. The act of discovering security vulnerabilities or bugs in a website and responsibly exposing them to your company's security team in an ethical manner is known as Web Application Penetration Testing. 

"Hack yourself before they hack you”,

underlines the need of proactive security measures. In practice, this means enterprises must detect through penetration testing and patch vulnerabilities in their systems and applications before malicious hackers may exploit them.

This proactive approach to security helps prevent data breaches, financial losses, and damage to an organization's reputation.

  • Bug bounty hunters
  • Ethical hackers 
  • Penetration testers
  • Security analysts
  • Developers
  • CISO - Chief information security officer
  • Security administrators 
  • SOC Analysts 
  • Ethical hacking enthusiast

Why take it NOW?

Web application penetration testing skills are in high demand in the job market and well paid up to 120K$ per year, making it a valuable area of expertise for those interested in a career in information security.

Why this course?

There are various reasons why learning web application penetration testing is important. To begin, knowing how attackers think and operate may help firms better safeguard their systems and data. Organizations may detect and fix possible flaws by learning about typical attack tactics and vulnerabilities. Furthermore, as people become increasingly reliant on technology in many parts of their lives, the quantity and sophistication of cyberattacks is rising, making it even more vital for individuals and companies to understand and protect against them.

Course benefits:

What skills will you gain?​​ ​​​ ​​ ​ ​​​​​

  • Web security testing 
  • Automated security testing
  • Manual security testing
  • Bug hunting skills
  • Think outside of the box 
  • Vulnerability assessment
  • Hacker mindset

What will you learn about?

  • Latest OWASP Top 10 framework
  • Security testing vulnerabilities
  • Learn how to detect critical vulnerabilities 
  • Learn the ways to exploit vulnerabilities
  • Check list approach for security penetration testing

What tools will you use?

  • Kali Linux
  • Burp Suite
  • Nikto
  • Metasploit

Course general information: 


DURATION: 15 hours

CPE POINTS: On completion, you get a certificate granting you 15 CPE points. 

The course starts on the 28th of November 2023.

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text

What will you need?

  • A computer system with 40GB of storage and min 8GB of RAM
  • Internet connectivity
  • Kali Linux
  • Burp Suite community edition  
  • Virtual Box or VMWARE workstation

What should you know before you join?

  • Virtual Box or VMWARE skills  
  • Linux 
  • Familiar with web languages

YOUR INSTRUCTOR: Youssef Khaoulaj

Youssef is a security researcher specialized in finding web applications, cloud, blockchain and smart contract vulnerabilities. He has more than 8 years of experience in the field of information security that varies from Web Application Security, Incident Handling, Cloud Security, Network Security, Blockchain and Smart Contract Security. Youssef has more than 3 years of experience in the field of Blockchain and Smart Contract with a good knowledge in Decentralized Applications Development. He has spoken at numerous conferences and published many papers and reports in the area of hacking and smart contract auditing. 

He has received many recommendations from EX-Pentagon cybersecurity engineers, IT security trainers in Australia and his supervisor System administrator USA.


Module 0

Before the course

Check list for pen testing and other web application vulnerabilities, like 2 FA bypass, Joomla, Drupal, WordPress, Oauth etc.

Module 1

Vulnerable and Outdated Components

Vulnerable and outdated components are software components (libraries, frameworks, modules, plugins, and so on) used inside an application or system that have known security vulnerabilities or have not been updated to their most recent versions. These components may compromise a software application's or system's security and stability.

  • Nmap
  • Burp Suite 
  • Directory listing
  • Error handling 
  • Fingerprinting 
  • Metasploit 
  • Brute force
  • OSINT tools 

Module 2

Identification and Authentication Failures

Failures in identification and authentication occur when systems or processes fail to correctly identify and authenticate persons seeking to access a certain resource, system, or service.

  • Default credentials 
  • Brute force 
  • Session management
  • Session fixation
  • Logic vulnerabilities
  • Password reset mechanism
  • Account Lockouts

Module 3

 Server-side Request Forgery

An attacker uses server-side request forgery (SSRF) to trick a web application into making unauthorized requests to other resources or services on the same server or inside an internal network. This can expose data, allow unwanted access, and perhaps lead to further exploitation of the target system.

  • Because this is the SSRF issue, we will test for this sort of vulnerability in many settings and target types. We will test for SSRF vulnerability using both automated and manual methods.

Module 4

Software and Data Integrity Failures

Software and data integrity failures occur when the integrity (accuracy, consistency, and dependability) of software programs or data sets becomes compromised as a result of mistakes, corruption, illegal alterations, or malicious acts. These failures can have major repercussions, such as data loss, system failure, security breaches, and other vulnerabilities.

  • Insecure deserialisation
  • Unauthorized Access and Modification
  • Misconfiguration
  • Download of code without an integrity check
  • Supply chain attack


If you have any questions, please contact our eLearning Manager at [email protected].


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.