  • Assess Web applications insecurities
  • Audit OWASP Top 10
  • Perform web security audits
  • Penetrate web applications
  • Perform bug hunting
  • Burp suite advanced
  • Analysing web apps with Burp suite
  • Be a Web app hacker!

This is a highly practical, hands-on training course in web application penetration testing that covers the OWASP Top 10 vulnerabilities, both how to attack them and how to secure against them.

It combines the most advanced techniques used by offensive hackers to exploit and secure.

[+] Course at a glance

  • Starts with web technology terminology such as HTTP cookies, CORS and the same-origin policy, and ends with multiple resources.
  • Once you have sufficient insight into web technologies, the second module covers mapping the application for insecurities with various tools and tricks, making heavy use of the most advanced intercepting proxy, "Burp Suite".
  • Focuses mostly on serious vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, XML External Entity (XXE) attacks, remote command execution, identifying load balancers, Metasploit for web applications, advanced phishing attacks through XSS and more.

[+] Training Methodology

Every lesson starts with finding and hunting for vulnerabilities by looking at how developers build and secure the web application during development. Once we have a clear picture of the path from development to security, we hunt for the application's business logic to attack. This is where most penetration testers fail at their own game.

"If I need to chop down a tree in six hours, I will use four hours to sharpen my axe and the rest 2 hours to cut the tree"

The same strategy is followed in this course. We start by getting familiar with web applications, analysing the application and watching how it behaves.

#This course has been adapted from our work experience at gray hat security.

[+] Course materials

  • Offline access to read PDF slides
  • 8+ hours of video lessons
  • Self-paced HTML/Flash
  • Access from PC, TABLETS, SMARTPHONES.
  • 400+ PDF Slides

  • Basic knowledge of JavaScript and HTML
  • General security practitioners or Ethical hackers, security experts
  • Penetration testers, Web administrators
  • Database administrators
  • Web application developers, Website designers and architects
  • Ethical hackers
  • Cyber security enthusiasts
  • Network security enthusiasts
  • Data security enthusiasts
  • Web server hackers
  • Exploit writers
  • Secure coders
  • Administrators
  • Network administrators
  • Bug bounty hunters
  • Section 1 : BE PREPARED! 1 Lectures 00:11:38

    • Lecture 1 :
    • Web attack simulation Lab Preview
  • Section 2 : WEB APPLICATION TECHNOLOGIES 101 10 Lectures 00:55:15

    • Lecture 1 :
    • HTTP Protocol basics
    • Lecture 2 :
    • Encoding Schemes
    • Lecture 3 :
    • Same Origin Policy - SOP
    • Lecture 4 :
    • HTTP Cookies
    • Lecture 5 :
    • Cross-Origin resource sharing - CORS
    • Lecture 6 :
    • Web application proxy
    • Lecture 7 :
    • Web application architecture - PDF
    • Lecture 8 :
    • HTTP State Management Mechanism - RFC6265
    • Lecture 9 :
    • DNSSEC- RFC_3008
    • Lecture 10 :
    • Domain names concepts - rfc1034
  • Section 3 : MAPPING THE APPLICATIONS 10 Lectures 01:15:21

    • Lecture 1 :
    • Fingerprinting web servers
    • Lecture 2 :
    • DNS Analysis - Enumerating subdomains
    • Lecture 3 :
    • Metasploit for web application attacks
    • Lecture 4 :
    • Web technologies analysis in real time
    • Lecture 5 :
    • Outdated web application to server takeover
    • Lecture 6 :
    • BruteForcing Web applications
    • Lecture 7 :
    • Shodan HQ
    • Lecture 8 :
    • Harvesting the data
    • Lecture 9 :
    • Finding link of target with Maltego CE
    • Lecture 10 :
    • Finding target details and documents - by open source
  • Section 4 : CROSS-SITE SCRIPTING ATTACKS - XSS 14 Lectures 02:19:02

    • Lecture 1 :
    • Cross Site Scripting - XSS - PDF
    • Lecture 2 :
    • Cross site scripting 101
    • Lecture 3 :
    • Reflected XSS
    • Lecture 4 :
    • Persistent XSS
    • Lecture 5 :
    • DOM-Based XSS
    • Lecture 6 :
    • Website defacement through XSS
    • Lecture 7 :
    • Generating XSS attack payloads
    • Lecture 8 :
    • XSS in PHP, ASP & JS Code review
    • Lecture 9 :
    • Cookie stealing through XSS
    • Lecture 10 :
    • Advanced XSS phishing attacks
    • Lecture 11 :
    • Advanced XSS with BeEF attacks
    • Lecture 12 :
    • Advanced XSS attacks with Burp suite
    • Lecture 13 :
    • Advanced Burp Intruder attacks
    • Lecture 14 :
    • Codes for XSS phishing, cookie stealing and GUIDES
  • Section 5 : SQL INJECTION ATTACKS - EXPLOITATIONS 8 Lectures 01:39:43

    • Lecture 1 :
    • Introduction to SQL Injection
    • Lecture 2 :
    • Dangers of SQL Injections
    • Lecture 3 :
    • Hunting for SQL Injection vulnerabilities
    • Lecture 4 :
    • In-band SQL Injection attacks
    • Lecture 5 :
    • Blind SQL Injection attack in-action
    • Lecture 6 :
    • Exploiting SQL injection - SQLMap
    • Lecture 7 :
    • Fuzzing for SQL Injection - Burp Intruder
    • Lecture 8 :
    • Resources
  • Section 6 : CROSS SITE REQUEST FORGERY - XSRF 4 Lectures 00:38:58

    • Lecture 1 :
    • CSRF or XSRF attack methods
    • Lecture 2 :
    • Anti-CSRF Token methods
    • Lecture 3 :
    • Anti-CSRF token stealing-NOT easy
    • Lecture 4 :
    • CSRF Prevention cheat sheet
  • Section 7 : AUTHENTICATION & AUTHORIZATION ATTACKS 3 Lectures 00:25:52

    • Lecture 1 :
    • Simple Authentication bypass-hydra
    • Lecture 2 :
    • HTTP Verb Tampering
    • Lecture 3 :
    • HTTP parameter pollution - HPP
  • Section 8 : CLIENT SIDE SECURITY TESTING 2 Lectures 00:09:36

    • Lecture 1 :
    • Client side control bypass
    • Lecture 2 :
    • Web socket-rfc6455
  • Section 9 : FILE RELATED VULNERABILITIES 4 Lectures 00:33:54

    • Lecture 1 :
    • LFI & RFI attack
    • Lecture 2 :
    • Unrestricted file upload - content type
    • Lecture 3 :
    • Unrestricted file upload - extension
    • Lecture 4 :
    • Remote code execution using Shell Uploads
  • Section 10 : XML EXTERNAL ENTITY ATTACKS - XXE 2 Lectures 00:27:30

    • Lecture 1 :
    • XML Documents & database
    • Lecture 2 :
    • XXE attacks in action
  • Section 11 : EXTERNAL RESOURCES FOR WEBSITE AUDITING AND OTHERS 1 Lectures

    • Lecture 1 :
    • RESOURCES

146374 Course Views

2 Courses

Security Analyst | IT AUDITOR | Cyber laws expert | Author | Public speaker | CISSP

I have more than 10 years of working experience in the information security field and have trained more than 60k students on the topic of information security & penetration testing in classroom mode and online across 168 countries. With expertise in web application penetration testing, I have performed several penetration tests, security audits and security analyses with private, government and security agencies to help them cope with cyber threats.