Learn Web Application Pentesting

The Web Application Pentesting skill path teaches you how to discover and exploit vulnerabilities in Web apps. You'll learn how to use popular penetration testing tools to perform an analysis of Web applications, assess their weaknesses and better defend them from malicious attacks.

5 courses  //   23 videos  //   3 hours of training

Web Application Pentesting training

This learning path focuses on building your Web application penetration testing skills. As you progress through five courses, you’ll learn about gaining access to Web apps by attacking session management and bypassing client-side controls, gathering intelligence and mapping applications for attack, sneaking malicious code into applications, and leveraging other methods and tools used by hackers. Upon completion, you’ll have the knowledge and skills necessary to successfully carry out a penetration test against Web applications.

Learning path components

Web Application Pentesting Project
Practice Exam

This project is built on a real bounty-based CTF challenge hosted by Infosec. Each of its levels represents a vulnerable Web application and is based on the OWASP Top Ten list of the most common web application security risks, including SQL injection, cross-site scripting (XSS), broken authentication and more. You’ll need to apply all your knowledge about web application vulnerabilities and use many different tools and browser utilities to solve the challenges.

Number of questions: 13

Introduction to Web Application Pentesting

Begin your pentesting path with this foundational introduction to Web application pentesting, covering common threats, methodologies and more.

3 videos
19 minutes of training

Attacking Web Application Access Controls

Learn to attack web application access controls with this course on attacking access control, attacking authentication, attacking session management and more.

4 videos
28 minutes of training

Target Identification and Application Mapping

Take a closer look at target identification and application mapping with this course covering service identification, core defense mechanisms and more. Includes vocabulary and tools.

6 videos
55 minutes of training

Injection Attacks

Learn what you need to know about injecting code or SQL queries into vulnerable applications in order to circumvent access controls. Includes vocabulary and examples.

2 videos
20 minutes of training

Common Attack Methods

Think like a hacker with this course on common attack methods used for pentesting, including attacking Web services, cross-site scripting and exploiting logic flaws.

8 videos
37 minutes of training


What you’ll learn.

  • Web app pentesting methodologies
  • Exploiting Web app access controls
  • Gathering information on Web apps
  • SQL and code injection attacks
  • Other popular attacks, such as clickjacking and cross-site scripting
  • And more!

Who is this for?

Familiarity with pentesting concepts and a Security+ certification, or equivalent knowledge, are recommended.

This skill path is designed for:

  • Penetration testers
  • Cybersecurity consultants
  • Web application developers
  • Web administrators
  • Anyone with a desire to improve their Web application pentesting skills!

You're in good company

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

Plans and pricing





$599 / license

Annually. Includes all content plus team admin and reporting.