WebApp Security Advanced


During this training, students will get knowledge and skills of the pentesters procedure to detect security vulnerabilities in web applications using a combination of manual and automated techniques and methods. Testing web-application security is not intuitive, and to be useful, you need an understanding of web application design, HTTP, JavaScript, browser behavior, and potentially other technologies.

Duration: 40 Hours

Target audience:

  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers


  • ThinkCyber Level-2 Courses


  • Discovering and mitigating website vulnerabilities
  • Using tools to automate your tasks
  • Securing your web app from attacks


Module 1: Advanced Penetration Testing Skills

In this module, students will learn advanced techniques for a deeper understanding of the penetration testing on the WebApp. Also, how to work correctly in a local proxy environment without having to use a browser that can block us from partnering and not reveal all the information that the site itself shows.

  • Advanced Information Gathering
    o Website Spidering and Crawling
  • SpiderFoot
  • Finding Directories Using Curl
    o Revealing Website History
  • WayBack Machine
  • Archive.org
  • Google Cache
  • Shodan CLI Version History
    o Web Page Snapshots
  • Using NMAP Reporting
  • Shodan Website Screenshots
    o Data Extraction and Scrapping
  • Scrapy Framework
  • Apress – Python Module
  • Dirsearch and Wfuzz
  • Advanced Discovery
    o Understanding Advanced Methodologies
    o Crafting Discovery PowerShell Scripts
    o Weaponizing Curl and Wget in Discovery Scripts
    o Using Metasploit Framework Web Modules
  • Advanced Web Scanners
  • WMAP
    o Nmap NSE Scripts
  • HTTP Enumeration Methods
  • HTTP Request Fuzzing
  • DNS Bruting
  • Finding Backups and Dev Comments
  • Proxy Discover and Bruting

Module 2: Web Ethical Hacking

This module will teach the student how to delegate the hacking and testing capabilities of WebApp, explain how to handle the various results received and how to gain remote control of the system with common web attacks

Advanced Offensive Techniques

  • WebApp Vulnerabilities and Manual Techniques
  • RCE in Various Environments
  • Understanding SQL Injection Techniques Manually
  • Format String Vulnerabilities
  • Cross-Site Scripting (XSS)
  • WordPress Application Testing
    • Information Leakage and Directory Browsing
  • Understanding Steganography and Encryption
  • Error Messages
  • Common HTTP Feature
  • Information Control
  • Top Security Attacks
    • Command Injection
    • Directory traversal
    • Local File Inclusion (LFI)
    • Remote File Inclusion (RFI)
    • File Inclusion to Reverse Shell Techniques
    • Blind SQL Injection
    • The SQL Query to Reverse Shell Techniques

Module 3: Offensive JavaScript

This module will teach the student how to take the XSS attack and not just to high capabilities such as copying information to remote servers, creating listening, and remote connections using JavaScript language.

  • Offensive JavaScript
    o Social Engineering
  • XSS to Remote Server Logging
  • Capture Clicks
  • Keystroke Logging
  • Event Listener
    o Include External JS
  • Using JS
  • Replace the Banner Image
  • Stealing from Auto-Complete
    o CSRF with JS
  • Extracting CSRF Tokens
  • CSRF Token Stealing