Certified Web Application Security Professional

Be an expert in web application security vulnerabilities & its exploitation with practical real time demonstrations covering OWASP Top 10 and various other vulnerabilities. At the end there is also a guide to start your Bug Bounty journey.


Course Type



Training Mode 


24 (Approx.)

60 HRS (Approx.)


Course Overview


Are you a pen tester who can test web applications? Are you good with web application scanners? Are you good at finding if a site is vulnerable to SQL injection and XSS? Do you know how to test for CSRF weaknesses? Have you heard about DOM XSS and Server-Side Request Forgeries? Have you tested applications for HTML5 Security? Maybe you have tried to find such vulnerabilities in the past but weren’t confident of your tools and approaches.

This 1-month course with complete hands-on exercises will teach you to exploit security vulnerabilities like never before. You will be able to identify, detect and exploit advanced attacks that you may be aware of but haven’t tried in real world security testing.

All of the above and more in a realistic scenario-based learning environment with the same tools’ attackers use to hack and compromise web applications on the Internet is what this course is all about.

Salient Features

Exciting Bonus


  • Importance of Web Application Security
  • Understanding Industrial Standards
  • What is OWASP?
  • Introduction to OWASP Top 10 Vulnerabilities
  • Introduction to Burp Suite
  • Understanding Information Gathering
  • What is WHOIS?
  • Information Gathering Tools
  • Search Like a Pro Using Google Dorks
  • What is SQL?
  • Basic Queries of SQL
  • Authentication Bypass using Basic SQL Injection
  • Advanced MySQL Injections
  • Advanced MSSQL Injections
  • Advanced Oracle Injections
  • Database Dumping using Advanced SQL Injection
  • Firewall Evasion Techniques for SQL Injection
  • Automated Tools
  • Practical Demonstration on Real Web Application
  • Account Lockout Mechanism
  • Enumeration Techniques
  • Captcha Bypass
  • Session Expiration
  • Logout Management
  • Concurrent Misconfigured Sessions
  • Practical Demonstration eSecurify Buggy Web Applications
  • Introduction to Cross Site Scripting
  • Types of Cross Site Scripting
  • Non-Persistent XSS
  • Persistent XSS
  • DOM Based XSS
  • Exploiting XSS to steal session cookies, csrf tokens,
  • Preventing XSS
  • Introduction to CSP
  • Practical Demonstration on Real Web Application
  • Introduction to IDOR Vulnerability
  • Finding out IDOR
  • Exploiting IDOR
  • Preventing IDOR
  • Practical Demonstration on Real Web Application
  • Arbitrary File Upload
  • Introduction to CORS
  • Exploiting CORS
  • Introduction to SOP
  • SOP Bypass
  • Introduction to HSTS
  • Exploiting HSTS
  • MITM Attack using Wireshark
  • Directory Listing
  • Practical Demonstration on Real Web Application
  • Full Path Disclosure
  • Cross Domain Referer Leakage
  • Robots.txt Disclosure
  • Practical Demonstration on Real Web Application
  • Introduction to Missing Functional Level Access Control
  • OTP Bypassing Techniques
  • Privilege Escalation
  • Practical Demonstration on Real Web Application
  • Introduction to Cross Site Request Forgery
  • Finding CSRF
  • Exploiting CSRF
  • Preventing CSRF
  • Practical Demonstration on Real Web Application
  • Introduction to 3rd Party Components
  • Finding 3rd Party Components
  • Exploiting 3rd Party Components
  • Preventing Using Components with Known Vulnerabilities
  • Practical Demonstration on Real Web Application
  • What are Redirects & Forwards?
  • Finding Redirects & Forwards
  • Exploiting Redirects & Forwards
  • Preventing Unvalidated Redirects & Forwards
  • Practical Demonstration on Real Web Application
  • Server Side Javascript Injection
  • Server Side Template Injection
  • Server Side Request Forgery
  • Cross Site Port Attack
  • XML External Entities (XXE) Attacks
  • Subdomain Takeover
  • Local File Inclusion
  • Host Header Attack
  • Homograph Attack
  • Race Condition Issue
  • What are Responsible Disclosure Programs?
  • What are Bug Bounty Programs?
  • Bug Bounty Platforms
  • How to Report a Bug to Company?
  • How to earn money (bounty) by reporting a legitimate bug?
  • Websites
  • Facebook Groups
  • LinkedIn Groups
  • Twitter Profiles
  • Course Complication Certificate


Upcoming Batches