Path icon Learning Paths
Skills

Web App Pen Testing

  • Number of Courses10 courses
  • Duration10 hours
  • Skill IQ available Skill IQ

This path covers the knowledge and skills required to operate as a Web Application Pen Tester.

 

Additionally, the skills covered directly align to the following CSWF, DCWF and Industry Roles:

Workforce Framework for Cybersecurity (NICE Framework) & DoD Cyber Workforce Framework Roles:

Industry Job Roles:

  • Penetration Tester
  • Vulnerability Analyst
  • Application Security Analyst

 

This path will cover the essential tasks of web application pen testing, walking through each phase of the methodology as if you are shadowing a live application pen test. The scenario will cover testing through an application, discovering and exploiting vulnerabilities found. In addition, there are many vulnerabilities that a web app pen tester should be able to identify and test for. Don't miss the specialized courses covering a deep-dive into each of these types of vulnerabilities.

Courses in this path

Web App Pen Testing

This path will cover the essential tasks of web application pen testing, walking through each phase of the methodology as if you are shadowing a live application pen test. The scenario will cover testing through an application, discovering and exploiting vulnerabilities found. In addition, there are many vulnerabilities that a web app pen tester should be able to identify and test for. Don't miss the specialized courses covering a deep-dive into each of these types of vulnerabilities.

Web App Pen Testing: Reconnaissance

  • by Tim Tomes
  • 1h 14m 39s Duration

Web App Pen Testing: Mapping

  • by Tim Tomes
  • 1h 49m 30s Duration

Specialized Web App Pen Testing

For a deeper dive into the OWASP Top 10

Specialized Testing: API Testing

  • by George Smith
  • 56m 28s Duration
  • 4.5  (52)

Specialized Testing: Command Injection

  • by Michael Edie
  • 1h 2m 33s Duration

Specialized Testing: XSS

  • by Christian Wenz
  • 1h 14m 39s Duration
  • 4.2  (13)

Specialized Testing: Sessions and Tokens

  • by Christian Wenz
  • 55m 56s Duration

Specialized Testing: CSRF

  • by Christian Wenz
  • 48m 23s Duration

Specialized Testing: Deserialization

  • by Peter Mosmans
  • 1h 1m 49s Duration

Specialized Testing: SQL Injection

  • by Christian Wenz
  • 1h 13m 37s Duration
  • 4.5  (13)

Web App Pen Testing Labs

In these labs, you will learn how attackers exploit vulnerabilities like XML External Entity (XXE) injection, broken access controls, insecure deserialization in ASP.NET ViewState, and Server-Side Template Injection (SSTI). You will practice identifying, exploiting, and understanding the attack chains that lead to privilege escalation and remote code execution. By completing these exercises, you will strengthen your ability to detect, prevent, and remediate critical web application security flaws.

Getting Started in the Lab Environment

  • by Aaron Rosenmund
  • 6m 8s Duration
  • 4.7  (21)

Learn with the best

Tim Tomes
Tim Tomes
Tim is a believer, husband, father, veteran, software developer, web application security engineer, and the founder of PractiSec (Practical Security Services). With extensive experience in web application security and software development, Tim currently conducts consultative engagements, manages multiple open source software projects (Recon-ng Framework, the HoneyBadger Geolocation Framework, PwnedHub, etc.), writes technical articles (lanmaster53.com), and frequently instructs and presents on s... more
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo... more
Michael Edie
Michael Edie
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s... more
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet... more
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

Join our learners and upskill
in leading technologies