Practical Web Application Penetration Testing
Secure your web application using automated tools through Penetration Testing
With the increase in web applications, the way of doing business has changed, along with the way data is shared and accessed. This has invited malicious attackers to intrude into systems and gain leverage. Therefore, web application pentesting has become important to defend both the application and the network. This course will teach you how to analyze technical flaws, vulnerabilities and weaknesses.

This Course Will Help You To
Build an end-to-end web application security model.
Test network and web application configuration for vulnerabilities.
Try automated web hacking techniques using tools like OWASP ZAP, WMAP, Acunetix, etc.
Who is it for?
Anybody who is interested in learning website & web application hacking / penetration testing.
Anybody who wants to learn how hackers hack websites.
Anybody who wants to learn how to secure websites & web applications from hackers.
Web developers who want to create secure web applications & secure their existing ones.
Web admins who want to secure their websites.
Approach
Learn to assess web application security by simulating attacks.
About the Course
Practical Web Application Penetration Testing
Exploitation of web applications has become a trend among hackers, leading to data breaches. Understanding and analyzing the framework of a web application is important for developers and security analysts who need to defend it from attacks. This course is focused on the practical implementation of penetration testing. You’ll first learn how to set up a lab and install the required software to carry out penetration testing on your own machine.
This course will get you acquainted with the infrastructure of a website: how it works, what it relies on, how a web server and a database work, and how all of these components fit together to give us functioning websites. You will learn to launch attacks and test the security of websites and web applications just as black hat hackers do; not only that, you’ll be able to fix these vulnerabilities and secure websites against them. After learning the basics, you will discover the end-to-end use of tools such as OWASP ZAP, WMAP, Acunetix and Kali Linux.
Course Outline
Section 1: Introduction
1.1: Introduction
Section 2: Course Preparation: Lab Setup
2.1: Building a Lab: Concepts
2.2: Building a Lab: VirtualBox
2.3: Deploying a Kali Linux VM
2.4: Deploying a Metasploitable VM
2.5: Deploying a Windows VM
Section 3: Useful Information Before We Start
3.1: Kali Linux Overview
3.2: Introduction to Linux Commands
3.3: Lab Environment Settings
3.4: Websites 101
3.5: Websites Hacking Introduction
Section 4: Footprint and Reconnaissance
4.1: Information Gathering
4.2: Discovery Tools
4.3: DNS Reconnaissance
4.4: Websites Hosted on the Same Server
4.5: Subdomains
4.6: Finding Files on Directories
4.7: Analyzing Discovery Files
4.8: Maltego (1 of 2)
4.9: Maltego (2 of 2)
Section 5: File Upload Vulnerability
5.1: Introduction to File Upload Vulnerabilities
5.2: HTTPS Requests: Get & Post
5.3: Using Burp as a Proxy Server
5.4: Exploiting File Upload Vulnerability (1 of 2)
5.5: Exploiting File Upload Vulnerability (2 of 2)
5.6: File Upload Vulnerability Countermeasures
Section 6: Code Execution Vulnerabilities
6.1: Code Execution Vulnerabilities (1 of 2)
6.2: Code Execution Vulnerabilities (2 of 2)
6.3: Code Execution Vulnerability Countermeasures
Section 7: Local File Inclusion Vulnerabilities
7.1: Local File Inclusion Vulnerabilities
7.2: Getting Shell from LFI Vulnerability (1 of 2)
7.3: Getting Shell from LFI Vulnerability (2 of 2)
Section 8: Remote File Inclusion Vulnerabilities
8.1: Remote File Inclusion Vulnerabilities (1 of 3)
8.2: Remote File Inclusion Vulnerability (2 of 3)
8.3: Remote File Inclusion Vulnerability (3 of 3)
8.4: RFI Vulnerability Countermeasures
Section 9: Introduction to SQL Injection
9.1: Introduction to SQL Injection
9.2: SQLi Severity
Section 10: SQLi on HTTP Post Requests
10.1: Finding SQLi on HTTPS Post Requests
10.2: Bypassing Logins Using SQLi (1 of 2)
10.3: Bypassing Logins Using SQLi (2 of 2)
10.4: SQLi Login Bypass Countermeasures
Section 11: SQLi on HTTPS Get Requests
11.1: Finding SQLi on HTTPS Get Requests
11.2: Reading Database Information
11.3: Finding Database Tables
11.4: Extracting Sensitive Information From Databases
Section 12: Advanced SQLi
12.1: Exploiting Blind SQLi
12.2: Advanced Techniques to Find SQLi Vulnerabilities
12.3: Advanced Techniques to Extract Passwords using SQLi
12.4: Bypassing Security to Access All Records
12.5: Bypassing Filters
12.6: SQLi Countermeasures
12.7: Read/Write Files on the Server using SQLi
12.8: Getting Reverse Shell and Full Control on a Webserver
12.9: sqlmap
12.10: Getting Shell Using sqlmap
12.11: More SQLi Countermeasures
Section 13: Cross Site Scripting (XSS)
13.1: Introduction to XSS
13.2: Reflected XSS (1 of 3)
13.3: Reflected XSS (2 of 3)
13.4: Reflected XSS (3 of 3)
13.5: Stored XSS (1 of 2)
13.6: Stored XSS (2 of 2)
13.7: DOM Based XSS
Section 14: BeEF Framework
14.1: Exploiting XSS using BeEF
14.2: Hooking Victims to BeEF Using Stored XSS
14.3: Interacting with BeEF Victims
14.4: Running Basic Commands on Victims
14.5: Stealing Credentials from a Fake Login Prompt
14.6: Installing Veil
14.7: Veil Overview and Basic Payloads
14.8: Generating a Backdoor
14.9: Listening to Incoming Connections
14.10: Basic Backdoor Delivery Method
14.11: BeEF Gaining Full Control Over a Windows Target
14.12: XSS Vulnerability Countermeasures
Section 15: Cross Site Request Forgery (CSRF)
15.1: Manipulate Cookies to Get Admin Access
15.2: Discovering CSRF Vulnerabilities
15.3: Exploiting CSRF (1 of 2)
15.4: Exploiting CSRF (2 of 2)
15.5: CSRF Vulnerability Countermeasures
Section 16: Password Attacks
16.1: Brute Force and Dictionary Attacks
16.2: Creating a Wordlist
16.3: Launching a Wordlist Attack with Hydra (1 of 2)
16.4: Launching a Wordlist Attack with Hydra (2 of 2)
Section 17: Advanced Web Hacking and Automation
17.1: OWASP ZAP (1 of 2)
17.2: OWASP ZAP (2 of 2)
17.3: Samurai Framework & w3af console
17.4: Acunetix
17.4: WMAP
17.5: CMSmap
17.6: WebGoat and XML Injection
Section 18: Conclusion
18.1: Conclusion
Know Your Author: Luciano Ferrari
Luciano Ferrari is an information security leader and IoT hacking expert. He holds multiple security certifications, including CISSP, CISM, CRISC, and PCIP, and has worked at Fortune 500 companies in both technical and leadership roles. He drives progress at his own company, LufSec, where he works on security-related issues and projects.
Luciano has conducted hundreds of IT security audits and penetration tests, including audits and tests of IoT devices for cable companies. He has also applied his IT security expertise in manufacturing, semiconductor, financial, and educational institutions. With his background in electronics and microelectronics, his particular specialization is hardware hacking. Luciano is passionate about sharing his knowledge with others and teaching.
His other areas of expertise include IT infrastructure, networking, penetration testing, risk, vulnerability, and threat management. In his spare time, he enjoys researching new technologies and participating in security conferences and bug bounty programs.
Customers Who Loved Our Courses
Practical Web Application Penetration Testing
antonio.delapaz.rincon
Practical examples and detailed explanations.
whhs80
These videos are very interesting. Especially, I like the section on XSS using BeEF.
k4iju.zer0
Everything. This is the exact type of course I was hoping for when I subscribed to the service.
gardinerachris
Broad coverage of many of the knowledge domains relating to web application penetration testing.
jamesotter99
It was extremely informative and covered a lot of ground.