Learn Web Application Pentesting

The Web Application Pentesting skill path teaches you how to discover and exploit vulnerabilities in Web apps. You'll learn how to use popular penetration testing tools to perform an analysis of Web applications, assess their weaknesses and better defend them from malicious attacks.

5 courses  //   23 videos  //   3 hours of training

Free training week — 600+ on-demand courses and hands-on labs

Web Application Pentesting training

This learning path focuses on building your Web application penetration testing skills. As you progress through five courses, you’ll learn about gaining access to Web apps by attacking session management and bypassing client-side controls, gathering intelligence and mapping applications for attack, sneaking malicious code into applications, and leveraging other methods and tools used by hackers. Upon completion, you’ll have the knowledge and skills necessary to successfully carry out a penetration test against Web applications.

Learning path components

Web Application Pentesting Project
Practice Exam

This project is built on a real bounty-based CTF challenge hosted by Infosec. Each of its levels represents a vulnerable Web application and is based on the OWASP Top Ten list of the most common web application security risks, including SQL injection, cross-site scripting (XSS), broken authentication and more. You’ll need to apply all your knowledge about web application vulnerabilities and use many different tools and browser utilities to solve the challenges.

Number of questions: 13

Web Application Pentesting Skill Assessment

See how your Web Application Pentesting skills stack up against other professionals in your field.

Number of questions: 20

Introduction to Web Application Pentesting

Begin your pentesting path with this foundational introduction to Web application pentesting, covering common threats, methodologies and more.

3 videos
19 minutes of training

Attacking Web Application Access Controls

Learn to attack web application access controls with this course on attacking access control, attacking authentication, attacking session management and more.

4 videos
28 minutes of training

Target Identification and Application Mapping

Take a closer look at target identification and application mapping with this course covering service identification, core defense mechanisms and more. Includes vocabulary and tools.

6 videos
55 minutes of training

Injection Attacks

Learn what you need to know about injecting code or SQL queries into vulnerable applications in order to circumvent access controls. Includes vocabulary and examples.

2 videos
20 minutes of training

Common Attack Methods

Think like a hacker with this course on common attack methods used for pentesting, including attacking Web services, cross-site scripting and exploiting logic flaws.

8 videos
37 minutes of training


What you’ll learn.

  • Web app pentesting methodologies
  • Exploiting Web app access controls
  • Gathering information on Web apps
  • SQL and code injection attacks
  • Other popular attacks, such as clickjacking and cross-site scripting
  • And more!

Who is this for?

Familiarity with pentesting concepts and a Security+ certification, or equivalent knowledge, are recommended.

This skill path is designed for:

  • Penetration testers
  • Cybersecurity consultants
  • Web application developers
  • Web administrators
  • Anyone with a desire to improve their Web application pentesting skills!

Train on your schedule


Infosec Skills

  • 600+ courses
  • 100s of hands-on labs and projects
  • 70+ role-based learning paths
  • Skill assessments
  • Custom learning paths
  • Custom certification practice exams
  • Cloud-hosted cyber ranges
  • Infosec peer community support

Infosec Skills boot camp

  • Live, instructor-led training
  • Available in-person or live online
  • All Infosec Skills content from the minute you enroll to 90 days following your boot camp
  • Certification exam voucher
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee


Infosec Skills Teams

$599 per learner / year

  • All Infosec Skills content for the year
  • Team boot camp discounts — online or onsite (not included with subscription)
  • Team administration and reporting
  • Custom team learning paths
  • Transferable licenses
  • Dedicated client success manager

Award-winning training that you can trust

Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Infosec Skills

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Cybersecurity Workforce Framework.

LX Labs

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.