Practical Web Application Penetration Testing (WAPT)

Learn how to find, exploit and explain security issues in Web Applications.

What you'll learn
- Software Security Fundamentals
- How to approach the security testing of a web application
- How to document security issues through Proof of Concepts (PoC)
- How to reason about risk and threats associated to security issues
- How to use Burp Suite to perform a web penetration test

Requirements
- Basic linux knowledge
- Basic HTTP knowledge

Description
This course has been developed with a clear objective: show in practice what it means to perform a Web Application Penetration Test (WAPT), exactly as it would happen with a real client in a daily week of work, in order to quickly reach the experience level of a junior penetration tester.

Consider these questions:

Are you interested in working in the security industry?

Do you want to learn how to test the security of a Web Application?

Do you like hands-on, practice-based learning?

If you answered yes to these questions, then this course is for you.

In this course, we will show how to test the security of Secure Bank, a home banking application designed as a training ground for penetration testers and web developers. During the test we will find 40+ security issues, belonging to the following  categories:

- Information Disclosure

- Injection Vulnerabilities

- Authentication

- Authorization

- Session Management

- Business Logic Vulnerabilities

- Data Validation Vulnerabilities

- Cryptography

- Insecure Configuration

For each security issue, we will show how to find the vulnerable behavior, how to exploit it and finally how to explain using written Proof of Concepts (PoCs) to the final client. That is, we will enumerate, exploit and explain repeatedly throughout the course.

Who this course is for:
- Cybersecurity enthusiasts curious about Web Security Testing
- People interested in working in the security industry as Web Penetration Testers
- People interested about security in general
More Info