Attacking Web Applications

Course Description

Web applications are ubiquitous and plentiful. In fact, the web is the de facto delivery mechanism for both consumer-grade and business-critical functionality these days. As such, the web is also the most common target for application-level attacks.

This course describes the goals, processes and risks of web security testing. It introduces students to the basics of web application architecture and web security testing, including the OWASP Top 10 vulnerabilities. A portion of the course is dedicated to lab exercises in which students have the opportunity to test for the most commonly occurring web-based vulnerabilities.

The course also discusses other aspects of security testing including risk rating of findings, communicating findings to different groups and creating test plans.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Comprehend the basics of the HTTP protocol and other web-related technologies and standards
  • Use tools for intercepting and modifying HTTP traffic
  • Develop test strategies and execute tests to uncover the most important types of web application vulnerabilities
  • Communicate findings to developers and management to ensure that relevant findings are properly addressed


Delivery Format: Live traditional or virtual classroom

Duration: 8 Hours

Intended Audience:

  • Developers
  • QA and Testing
  • IS Security Team

