Upskilling Training

Web Applications Security Testing

As web applications play a crucial role in modern business operations, they are often targeted by malicious actors seeking to exploit weaknesses and gain unauthorized access to sensitive data or disrupt services. Web application security is an ongoing process, as new threats and vulnerabilities continue to emerge. A proactive approach to web application security can help organizations maintain user trust, comply with regulations, and avoid costly data breaches or cyber-attacks.

Embark on a transformative journey into the realm of "Web Application Security Testing" with our specialized course. Navigate the intricacies of safeguarding digital assets as you unravel the methodologies, tools, and best practices for assessing and enhancing web application security. Through immersive hands-on experiences, gain mastery in uncovering vulnerabilities, thwarting potential breaches, and cultivating a robust cybersecurity posture. Equip yourself with the expertise to navigate the ever-evolving digital landscape and ensure the integrity of web-based systems in the face of relentless cyber threats.


Duration 4 days

Participants will able to learn

Attendees learn important security components of HTTP-based applications, the most common mistakes of a web application and how to discover them, how to avoid making these mistakes, and how to assure sustainable application security.

Who Should Attend?

  • Web Application Developers
  • Web Site Admins
  • IT Security Centre Personnel
  • Auditors
  • Cybersecurity Experts

Course Syllabus

    Web technologies & standards

  • OWASP Top 10
  • Information gathering & OSINT
  • Personal proxy
  • Input/output manipulation

    Injection Attacks

  • Command Injection
  • Local & Remote File Inclusion
  • Directory Traversal
  • SQL Injection
  • XSS (Cross-Site Scripting)
  • XML external entities (XXE)
  • Server-Side Request Forgery (SSRF)

    Authentication, Authorisation and Sessions flaws

  • Brute force & dictionary attacks
  • CAPTCHA & flaws
  • Privilege escalation
  • Session fixation

Configuration management & flaws

Business logic flaws

Proxy tools and Automatic Application Security Scanners


Basic knowledge of web technologies