Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

Learn Web Application Pentesting

The Web Application Pentesting skill path teaches you how to discover and exploit vulnerabilities in Web apps. You'll learn how to use popular penetration testing tools to perform an analysis of Web applications, assess their weaknesses and better defend them from malicious attacks.

5 courses  //   23 videos  //   3 hours of training

Free training week — 600+ on-demand courses and hands-on labs

Web Application Pentesting training

This learning path focuses on building your Web application penetration testing skills. As you progress through five courses, you’ll learn about gaining access to Web apps by attacking session management and bypassing client-side controls, gathering intelligence and mapping applications for attack, sneaking malicious code into applications, and leveraging other methods and tools used by hackers. Upon completion, you’ll have the knowledge and skills necessary to successfully carry out a penetration test against Web applications.

Learning path components

Web Application Pentesting Project
Practice Exam
Web Application Pentesting Project

Web Application Pentesting Project

This project is built on a real bounty-based CTF challenge hosted by Infosec. Each of its levels represents a vulnerable Web application and is based on the OWASP Top Ten list of the most common web application security risks, including SQL injection, Cross-Site scripting (XSS), broken authentication and more. You’ll need to apply all your knowledge about web application vulnerabilities and use many different tools and browser utilities to solve the challenges.

Number of questions: 13

Web Application Pentesting Skill Assessment
Assessment
Web Application Pentesting Skill Assessment

Web Application Pentesting Skill Assessment

See how your Web Application Pentesting skills stack up against other professionals in your field.

Number of questions: 20

Introduction to Web Application Pentesting
Course
Introduction to Web Application Pentesting

Introduction to Web Application Pentesting

Begin your pentesting path with this foundational introduction to Web application pentesting, covering common threats, methodologies and more.

3 videos
19 minutes of training

Attacking Web Application Access Controls
Course
Attacking Web Application Access Controls

Attacking Web Application Access Controls

Learn to attack web application access controls with this course on attacking access control, attacking authentication, attacking session management and more.

4 videos
28 minutes of training

Target Identification and Application Mapping
Course
Target Identification and Application Mapping

Target Identification and Application Mapping

Take a closer look at target identification and application mapping with this course covering service identification, core defense mechanisms and more. Includes vocabulary and tools.

6 videos
55 minutes of training

Injection Attacks
Course
Injection Attacks

Injection Attacks

Learn what you need to know about injecting code or SQL queries into vulnerable applications in order to circumvent access controls. Includes vocabulary and examples.

2 videos
20 minutes of training

Common Attack Methods
Course
Common Attack Methods

Common Attack Methods

Think like a hacker with this course on common attack methods used for pentesting, including attacking Web services, cross-site scripting and exploiting logic flaws.

8 videos
37 minutes of training

 

What you’ll learn.

  • Web app pentesting methodologies
  • Exploiting Web app access controls
  • Gathering information on Web apps
  • SQL and code injection attacks
  • Other popular attacks, such as clickjacking and cross-site scripting
  • And more!

Who is this for?

A familiarity of penetesting concepts and a Security+ certification, or equivalent knowledge, are recommended.

This skill path is designed for:

  • Penetration testers
  • Cybersecurity consultants
  • Web application developers
  • Web administrators
  • Anyone with a desire to improve their Web application pentesting skills!

Plans and pricing

Personal

$299

Annually

Teams

$599 / license

Annually. Includes all content plus team admin and reporting.

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Infosec and Infosec Skills

Best Cybersecurity Education Provider and Best Security Education Platform

Infosec Skills

Most Innovative Product

Infosec Skills

Cyber Security Education and Training

Infosec Skills

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Cybersecurity Workforce Framework.

LX Labs

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.