Unlock the world of web application penetration testing with this hands-on course designed to provide practical expertise in identifying and exploiting vulnerabilities in web apps. Learn foundational web basics, including the anatomy of URLs, HTTP methods, and the critical infrastructure behind web applications. Explore databases, APIs, and CMS platforms to develop a robust understanding of how modern web apps function.
Hands-On Web App Pentesting
Gain insight into a topic and learn the fundamentals.
Intermediate level
Recommended experience
11 hours to complete
3 weeks at 3 hours a week
Flexible schedule
Learn at your own pace
What you'll learn
Analyze and exploit vulnerabilities like XSS, SQL Injection, and Command Injection.
Utilize tools like Burp Suite, OWASP ZAP, and SQLMap for pentesting.
Conduct manual inspections and vulnerability scanning to assess security.
Perform directory fuzzing and reconnaissance to map web application structures.
Details to know
Shareable certificate
Add to your LinkedIn profile
Recently updated!
January 2025
Assessments
4 assignments
Taught in English
See how employees at top companies are mastering in-demand skills
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 4 modules in this course
In this module, we will explore the fundamental building blocks of web applications, setting the stage for effective pentesting. You'll learn how URLs, HTTP methods, and APIs form the communication backbone of web apps. We'll also dive into the technologies that power web applications, including content management systems, databases, and other infrastructure essentials. By the end of this section, you'll have a solid grasp of web app basics, readying you for more advanced pentesting concepts.
What's included
7 videos1 reading
In this module, we will delve into the arsenal of tools commonly used in web application penetration testing. From user-friendly interfaces like web browsers and Burp Suite to specialized tools like Sublist3r and FFuF, you'll learn how to harness their power for discovering and exploiting vulnerabilities. We'll also explore tools tailored for specific tasks, such as Nikto for server scans, SQLMap for database probing, and WPScan for CMS vulnerabilities. By mastering these tools, you'll be well-equipped to uncover and address security flaws in any web application.
What's included
10 videos1 assignment
In this module, we will focus on the crucial initial phase of penetration testing: information gathering and reconnaissance. You will learn to conduct manual inspections to understand web application behavior, leverage vulnerability scanning tools to identify security flaws, and utilize directory fuzzing techniques to uncover hidden directories and resources. By mastering these reconnaissance techniques, you will be equipped to map the attack surface and lay a strong foundation for more advanced pentesting activities.
What's included
3 videos1 assignment
In this module, we will dive deep into the world of web application attacks, exploring a wide range of vulnerabilities and their exploitation. You'll learn how to identify and exploit weaknesses such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and Cross-Site Request Forgery (CSRF). Additionally, we will cover advanced attack techniques like Server-Side Request Forgery (SSRF), JSON Web Token (JWT) attacks, and Insecure Direct Object References (IDOR). By mastering these attacks, you will gain valuable hands-on experience and the skills necessary to assess and mitigate critical security threats in web applications.
What's included
13 videos2 assignments
Instructor
Offered by
Recommended if you're interested in Security
Coursera Project Network
LearnKartS
Why people choose Coursera for their career
Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."
New to Security? Start here.
Open new doors with Coursera Plus
Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.
If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.
Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.