TryHackMe | Web Application Pentesting Training

Skip to main contentSkip to main content

Path Web Application Pentesting

Learn how to perform security assessments of web applications.

Learn about common web vulnerabilities
Understand web authentication mechanisms
Perform server- and client-side exploits
Understand the remedies for web vulnerabilities

Example learning path completion certificate

Complete this learning path and earn a certificate of completion.

Introduction

Every day you interact with web applications. Just reading the information here means you are using a web application! Understanding how to test web applications is a critical skill required by almost every pentester! Even if you want to specialise in testing other systems like networks or cloud, a solid baseline in web application testing will greatly assist you on this journey. This path covers key topics that you need to understand for web application testing, such as:

Authentication Attacks
Injection Attacks
Advanced Server-Side Attacks
Advanced Client-Side Attacks
HTTP Request Smuggling

Completing this learning path will allow you to learn and become a great web application penetration tester.

Section 1

Authentication

Enumeration & Brute Force Session Management JWT Security OAuth Vulnerabilities Multi-Factor Authentication Hammer

Topic Rewind Recap

Section 2

Injection Attacks

Advanced SQL Injection NoSQL Injection XXE Injection Server-side Template Injection LDAP Injection ORM Injection Injectics

Topic Rewind Recap

Section 3

Advanced Server-Side Attacks

Insecure Deserialisation SSRF File Inclusion, Path Traversal Race Conditions Prototype Pollution Include

Topic Rewind Recap

Section 4

Advanced Client-Side Attacks

XSS CSRF DOM-Based Attacks CORS & SOP Whats Your Name?

Topic Rewind Recap

Section 5

HTTP Request Smuggling

HTTP Request Smuggling HTTP/2 Request Smuggling Request Smuggling: WebSockets HTTP Browser Desync El Bandito

Topic Rewind Recap