Learn Web Application Pentesting

The web application penetration testing path will cover all of the essentials for those wanting to become a web app pentester. You'll learn how to ethically emulate real-world attacks in order to discover and responsibly disclose an organization's vulnerabilities.

4 courses  //   26 videos  //   14 hours of training


Web Application Pentesting training

The first course in the learning path covers workstation setup, including installation and configuration of Burp Suite with the Firefox web browser. Certificate installation and proxy configuration are covered so that newcomers can start pentesting immediately. The second course makes up the bulk of this learning path and focuses on the OWASP Top Ten vulnerabilities. Many real-world vulnerabilities are showcased for each of the ten topics, and various demos show how to solve related challenges in both OWASP Juice Shop and PortSwigger’s Web Security Academy. The third course covers a variety of pentesting tools and Burp extensions such as Turbo Intruder, Intruder File Payload Generator, SQLMap and many more. The fourth course closes out the learning path with pentesting advice, a path recap and a look at the final project.


What you’ll learn.

  • OWASP Top Ten vulnerability types as they relate to pentesting
  • Tools of the trade, namely Burp Suite Professional, SQLMap and various Burp extensions
  • How to troubleshoot issues during the process of discovering and exploiting various vulnerability types
  • Pentesting dos and don’ts
  • How to fix or prevent various vulnerability types

Who is this for?

  • Entry to intermediate-level web app pentesters
  • Those wanting to become full-time web application pentesters
  • Those who are currently in a security role but want to understand how to conduct manual pentesting rather than relying solely on scanners
  • Those wanting to improve their odds of monetizing bug bounties
  • Developers who want to understand how to create more secure applications
  • Members of corporate security teams

Meet the author

Hans Petrich

Hans Petrich spent four years at DHS and the NSA defending military and government networks from cyberattacks before becoming the lead of Silent Break Security’s application pentesting team. Hans has been a full-time pentester for over four years, has taught private company trainings and has been a Black Hat USA instructor. In the course of his job and as a long-time member of the Synack Red Team, Hans has discovered hundreds of vulnerabilities in many industries, including healthcare, government, law enforcement and financial institutions.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

IDC MarketScape Leader: U.S. IT Training


Infosec Skills

eLearning Content


Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals


Infosec Skills

Security Education & Platform


Infosec Skills

Ranked #52 in Top 100 Global Software Sellers


Infosec

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.