Learning path
Web Application Pentesting
Learn about the various vulnerabilities that can exist in web application and how to perform security assessments of web applications.
intermediate
Learn how to perform security assessments of web applications:
- Learn about common web vulnerabilities
- Understand web authentication mechanisms
- Perform server- and client-side exploits
- Understand the remedies for web vulnerabilities
Complete this learning path and earn a certificate of completion.
Introduction
Every day you interact with web applications. Just reading the information here means you are using a web application! Understanding how to test web applications is a critical skill required by almost every pentester! Even if you want to specialise in testing other systems like networks or cloud, a solid baseline in web application testing will greatly assist you on this journey. This path covers key topics that you need to understand for web application testing, such as:
- Authentication Attacks
- Injection Attacks
- Advanced Server-Side Attacks
- Advanced Client-Side Attacks
- HTTP Request Smuggling
Completing this learning path will allow you to learn and become a great web application penetration tester.
Section 1
Authentication
Enumeration & Brute Force
Session Management
JWT Security
OAuth Vulnerabilities
Multi-Factor Authentication
HammerSection 2
Injection Attacks
Advanced SQL Injection
NoSQL Injection
XXE Injection
Server-side Template Injection
LDAP Injection
ORM Injection
InjecticsSection 3
Advanced Server-Side Attacks
Insecure Deserialisation
SSRF
File Inclusion, Path Traversal
Race Conditions
Prototype Pollution
Include
Section 5
HTTP Request Smuggling
HTTP Request Smuggling
HTTP/2 Request Smuggling
Request Smuggling: WebSockets
HTTP Browser Desync
El Bandito