Tutorialspoint

The Complete Practical Web Application Penetration Testing

Motasem Hamdan

Rating - 4.4

Learn How To Conduct Penetration Testing For Web Applications.

Updated on Jun, 2025

Language - English [CC]

Category - Development, Software Testing

Lectures - 17

Duration - 4 hours

Lifetime Access

Course Description

Welcome to this complete course about web application penetration testing. The course does not require any prior knowledge of testing web applications for security vulnerabilities, nor does it require any coding knowledge, although some is preferred.

This course covers web application vulnerabilities hands-on, using labs designed for demonstration. Each topic has a theoretical part that explains the concepts and a practical part that demonstrates them. The theoretical part of the course is also provided as a downloadable PDF file.

You will learn everything by doing: the course demonstrates each topic on vulnerable systems designed for practicing your web application penetration testing skills.

By the end of this course, learners should achieve the following objectives:

  • Understand Web application penetration testing methodology
  • Understand the concepts of web application vulnerabilities
  • Be able to conduct manual testing of web application vulnerabilities

The course is divided into sections covering the 10 most common web application vulnerabilities, as listed in the OWASP Top 10 as of 2022.

1. Injection vulnerabilities: Injection vulnerabilities are very common in today's websites. In this section, you will understand what causes an injection vulnerability and learn to uncover it by identifying and testing the right parts of a web application. Under injection vulnerabilities, we cover the following categories:

  • SQL Injection: The most common class of vulnerability against databases. You will learn the different types of SQL injection and how to test for and uncover one through practical exercises against vulnerable pages.

  • SQLmap: After learning how to test for SQL injection manually, you will learn how to automate your testing using one of the most popular SQL injection tools.

  • Command Injection: Command injection is one of the most dangerous web application vulnerabilities, as it allows a complete takeover of the system. In this section, you will learn how to spot a command injection vulnerability and how to perform a proof of concept.

2. Broken Access Control: This vulnerability also appears in the OWASP Top 10 as of 2022. We cover weaknesses in a website that allow unrestricted access to sensitive resources.

3. Broken Authentication: This section teaches you how to bypass authentication methods such as login forms.

4. JSON Web Tokens: JWTs are not a web application vulnerability in themselves but rather a kind of cookie used for authorization. In this section, we walk through the mechanics of testing and exploiting these tokens.

5. Sensitive Data Exposure: This section covers techniques used to check whether a website has security measures against data leaks.

6. SSRF, aka server-side request forgery: One of the vulnerabilities recently added to the OWASP Top 10. You will learn how it can be used to make a website reveal sensitive resources and reach internally running services.

7. SSTI, aka server-side template injection: Not commonly discussed, but this section explains how such a vulnerability can lead to devastating outcomes such as command injection and full system takeover.

8. XSS, aka Cross-Site Scripting: A very well-known web application vulnerability. In this section, we practically explain stored, reflected, and DOM-based XSS.

9. XXE, aka XML External Entity injection: A vulnerability that results from a poor XML implementation. We explain how XML works and look at different techniques for exploiting XXE.

10. CSRF, aka Cross-Site Request Forgery: A very popular vulnerability that, when exploited, allows unauthenticated actions against users. We learn practically how to set up a testing environment and perform tests to uncover CSRF.

Goals

  • Understand Web application penetration testing methodology
  • Understand the concepts of web application vulnerabilities
  • Be able to conduct manual testing of web application vulnerabilities

Prerequisites

  • Basic knowledge about the web.
  • No programming knowledge is needed.

Curriculum

Check out the detailed breakdown of what’s inside the course

Introduction

1 Lectures
  • Introduction 03:09

Injection Vulnerabilities

7 Lectures

Broken Authentication and Security Misconfigurations

3 Lectures

Other Common Web Application Vulnerabilities

6 Lectures

Instructor Details

Motasem Hamdan
