Course Overview
Practical Web Application Security and Testing is an entry-level course on web application technologies, security considerations for web application development, and the web application penetration testing process. We begin with the basics of HTTP, servers, and clients, before moving through the OWASP Top 10 on our way to a full demonstration penetration test. We also cover the reporting process for web application assessments, so you’re prepared not only to conduct security assessments on web applications but also clearly and effectively communicate your findings.
Skill Level
Basic-Plus: Although we cover some advanced techniques, the course assumes no familiarity with web application penetration testing and only some knowledge of the Linux command line. This is a perfect starting point for beginning web hackers.
Who Should Take this Course?
- Aspiring Offensive Security Professionals should familiarize themselves with the design and function of web applications in order to effectively test them. Learning how to identify and exploit web vulnerabilities will broaden your possible career opportunities (and attack paths!).
- Aspiring Defensive Security Professionals will better understand how to protect web applications if they understand how they are attacked. Learning these concepts, techniques, and approaches will prepare defenders to discuss server and application defense with developers and system administrators.
- Web Application Developers will benefit from building their security muscle by seeing their code through the attackers’ eyes. Even if security is not your main job, keeping it in mind during development will benefit you, your team, and your users.
Requirements
- Some familiarity with the Linux command line.
- Computer Requirements
- A computer capable of running a hypervisor—setup instructions are provided for Hyper-V and VirtualBox
- At least 16GB of RAM
- At least 50 GB of storage space
Course Curriculum - 9 Hours
- 4-1: OWASP Overview (3:51)
- 4-2: Broken Access Control (8:24)
- 4-3: Cryptographic Failures (10:45)
- 4-4: Injection - XSS (20:24)
- 4-5: Injection - SQLI (16:34)
- 4-6: Injection - Command Injection (4:56)
- 4-7: Insecure Design (22:57)
- 4-8: Security Misconfiguration (3:07)
- 4-9: Vulnerable and Outdated Components (8:22)
- 4-10: Identification and Authentication Failures (8:15)
- 4-11: Software and Data Integrity Failures (3:39)
- 4-12: Security Logging and Monitoring Failures (2:33)
- 4-13: Server-Side Request Forgery (1:28)
- 4-14: Extra Practice (1:41)
About the Instructor
Michael Taggart is a career technologist and educator, with over a decade of experience building software and IT systems and training others how to do the same. Currently a Senior Cybersecurity Analyst for UCLA Health, Taggart spends his days hunting and emulating threat actors. At night, he streams cybersecurity content on Twitch. Before pivoting to infosec, he had worked as a computer science instructor, contract web developer, and Director of Technology for multiple schools.
Taggart holds a Bachelor’s in English and Creative Writing from Ursinus College, and a Master’s Degree in Education Leadership from the University of Pennsylvania. Certifications include: LFCS, Security+, CISSP, eCTHPv2, eJPT, and eWPT.
Follow Michael on Social Media:
Twitter: https://twitter.com/mttaggart
Twitch: https://twitch.tv/mttaggart
YouTube: https://youtube.com/taggarttech
GitHub: https://github.com/mttaggart
Blog: https://taggart-tech.com
Mastodon: https://fosstodon.org/web/@mttaggart
Featured Courses
Frequently Asked Questions
Can I get a refund if I'm unhappy with my purchase?
Yes. All courses come with a 3-day money-back guarantee.
Will I receive a certificate of completion when I finish a course?
Yes. All courses come with a certificate of completion.
Do the courses count as Continuing Education Units (CEUs)?
Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.
Do course purchases come with lifetime access?
Yes. You only pay once for our courses!
Can I migrate Udemy courses?
Unfortunately, we cannot migrate users from Udemy to the Academy. Udemy does not provide us with student enrollment information. The Udemy courses do receive quality of life updates and are still supported by our team. We apologize for any inconvenience.
What's the difference between purchasing a course and the All-Access Pass?
When a student purchases a course, either individually or with a bundle, they receive lifetime access to the course and its materials. When a student purchases the All-Access pass subscription, they receive access to all of our courses and content, but the access is removed once the monthly subscription ends.