Web applications are ubiquitous and plentiful. In fact, the web is the de facto delivery mechanism for both consumer-grade and business-critical functionality these days. As such, the web is also the most common target for application-level attacks.
This course describes the goals, processes and risks with Web Security Testing. It introduces students to the basics of Web Application architecture and web security testing including the OWASP Top 10 vulnerabilities. A portion of the course is dedicated to lab exercises where students are provided the opportunity to test for the most commonly occurring web based vulnerabilities.
The course also discusses other aspects of security testing including risk rating of findings, communicating findings to different groups and creating test plans.