3

Unit 3

Web Application Security

Unit Overview

Advanced web application security testing and tools. This unit focuses on professional-grade web security testing using industry-standard tools like Burp Suite.

5 Days • 13 Hours

Professional Tools

Burp Suite Setup & Basics

Configure Burp Suite as a proxy, intercept HTTPS traffic, and use Repeater for manual request testing

Burp ConceptsInstallationProxy SetupCertificate InstallationInterceptionRepeaterDecoder

SQL Injection & XSS

Master SQL injection techniques, automated testing with sqlmap, and Cross-Site Scripting vulnerabilities

SQL InjectionManual TestingsqlmapXSSBurp SuiteDVWA LabsPayload Testing

Advanced SQL injection techniques, sqlmap automation, and comprehensive exploitation methods

SQL InjectionManual TestingsqlmapAdvanced TechniquesPreventionLab Exercises

Directory Fuzzing & Burp Intruder

Discover hidden web directories using Gobuster, scan with Nikto, and perform automated attacks with Burp Intruder

Directory FuzzingGobusterNiktoBurp IntruderPassword AttacksBurp ScannerDVWA Labs

CSRF, IDOR & Broken Access Control

Master Cross-Site Request Forgery, Insecure Direct Object References, and access control bypass techniques with practical exploitation

CSRF AttacksBurp CSRF PoCIDOR ExploitationAccess Control BypassOWASP Top 10PortSwigger Labs

End of Course