Practical Web Application Security and Testing is an entry-level course on web application technologies, security considerations for web application development, and the web application penetration testing process. We begin with the basics of HTTP, servers, and clients, before moving through the OWASP Top 10 on our way to a full demonstration penetration test. We also cover the reporting process for web application assessments, so you’re prepared not only to conduct security assessments on web applications but also to communicate your findings clearly and effectively.
Basic-Plus: Although we cover some advanced techniques, the course assumes no familiarity with web application penetration testing and only some knowledge of the Linux command line. This is a perfect starting point for beginning web hackers.
Who Should Take this Course?
- Aspiring Offensive Security Professionals should familiarize themselves with the design and function of web applications in order to effectively test them. Learning how to identify and exploit web vulnerabilities will broaden your possible career opportunities (and attack paths!).
- Aspiring Defensive Security Professionals will better understand how to protect web applications if they understand how those applications are attacked. Learning these concepts, techniques, and approaches will prepare defenders to discuss server and application defense with developers and system administrators.
- Web Application Developers will benefit from building their security muscle by seeing their code through the attackers’ eyes. Even if security is not your main job, keeping it in mind during development will benefit you, your team, and your users.
- Some familiarity with the Linux command line.
Computer Requirements
- A computer capable of running a hypervisor—setup instructions are provided for Hyper-V and VirtualBox
- At least 16 GB of RAM
- At least 50 GB of storage space
Course Curriculum - 9 Hours
- 4-1: OWASP Overview (3:51)
- 4-2: Broken Access Control (8:24)
- 4-3: Cryptographic Failures (10:45)
- 4-4: Injection - XSS (20:24)
- 4-5: Injection - SQLI (16:34)
- 4-6: Injection - Command Injection (4:56)
- 4-7: Insecure Design (22:57)
- 4-8: Security Misconfiguration (3:07)
- 4-9: Vulnerable and Outdated Components (8:22)
- 4-10: Identification and Authentication Failures (8:15)
- 4-11: Software and Data Integrity Failures (3:39)
- 4-12: Security Logging and Monitoring Failures (2:33)
- 4-13: Server-Side Request Forgery (1:28)
- 4-14: Extra Practice (1:41)
About the Instructor
Michael Taggart is a career technologist and educator, with over a decade of experience building software and IT systems and training others how to do the same. Currently a Senior Cybersecurity Analyst for UCLA Health, Taggart spends his days hunting and emulating threat actors. At night, he streams cybersecurity content on Twitch. Before pivoting to infosec, he had worked as a computer science instructor, contract web developer, and Director of Technology for multiple schools.
Taggart holds a Bachelor’s in English and Creative Writing from Ursinus College, and a Master’s Degree in Education Leadership from the University of Pennsylvania. Certifications include: LFCS, Security+, CISSP, eCTHPv2, eJPT, and eWPT.
Practical Ethical Hacking - The Complete Course
Learn how to hack like a pro by a pro. 25 hours of up-to-date practical hacking techniques with absolutely no filler.
Windows Privilege Escalation for Beginners
Learn how to escalate privileges on Windows machines with absolutely no filler.
Linux Privilege Escalation for Beginners
Learn how to escalate privileges on Linux machines with absolutely no filler.
Open-Source Intelligence (OSINT) Fundamentals
Learn the ins and outs of Open Source Intelligence and step up your investigative game.
External Pentest Playbook
Learn to conduct an external network penetration test from start to finish.
Practical Malware Analysis & Triage
Arm yourself with knowledge and bring the fight to the bad guys. Learn the state of the art of malware analysis and reverse engineering.
Python 201 For Hackers
Move beyond the basics and learn how to actively use Python as a Windows hacking tool.
Practical Windows Forensics
Learn how to conduct a digital forensic investigation on a Windows system from start to finish.
The Definitive GRC Analyst Master Class
Everything you need to know to dive into the cybersecurity GRC pool.
Frequently Asked Questions
Can I get a refund if I'm unhappy with my purchase?
Yes. All courses come with a 3-day money-back guarantee.
Will I receive a certificate of completion when I finish a course?
Yes. All courses come with a certificate of completion.
Do the courses count as Continuing Education Units (CEUs)?
Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.
Do course purchases come with lifetime access?
Yes. You only pay once for our courses!
Can I migrate Udemy courses?
Unfortunately, we cannot migrate users from Udemy to the Academy. Udemy does not provide us with student enrollment information. The Udemy courses do receive quality-of-life updates and are still supported by our team. We apologize for any inconvenience.
What's the difference between purchasing a course and the All-Access Pass?
When a student purchases a course, either individually or with a bundle, they receive lifetime access to the course and its materials. When a student purchases the All-Access Pass subscription, they receive access to all of our courses and content, but the access is removed once the monthly subscription ends.