Web Application Security
Find and fix web vulnerabilities โ the OWASP Top 10, injection, XSS, CSRF, authentication and access-control flaws, and secure coding practices.
100% Free ยท All lessons unlocked
Course Content
Foundations
Core concepts and groundwork
Broken Access Control and IDOR Vulnerabilities
Reading
Cryptographic Failures and Sensitive Data Exposure
Reading
Injection Flaws โ SQL, NoSQL, and OS Command Injection
Reading
Insecure Design versus Insecure Implementation
Reading
Security Misconfiguration and SSRF Basics
Reading
Practice โ Exploiting Access Control Bugs in OWASP Juice Shop
Exercise
Core Skills
Essential techniques and patterns
SQL Injection โ UNION, Blind, and Time-Based Attacks
Reading
Parameterised Queries and ORM-Safe Coding Patterns
Reading
Cross-Site Scripting โ Reflected, Stored, and DOM-Based
Reading
Content Security Policy and Output Encoding
Reading
Server-Side Template Injection (SSTI) Basics
Reading
Practice โ Finding and Patching SQLi and XSS in a Vulnerable App
Exercise
Applied Practice
Hands-on, real-world scenarios
Cross-Site Request Forgery and Same-Site Cookies
Reading
JWT Vulnerabilities โ Algorithm Confusion and Weak Signing
Reading
OAuth 2.0 and OIDC Implementation Flaws
Reading
Session Fixation, Hijacking, and Token Replay
Reading
Business Logic Flaws in Authentication Flows
Reading
Practice โ Breaking a Vulnerable JWT-Based Login System
Exercise
Advanced Topics
Deeper, more complex material
REST API Security Checklist โ OWASP API Top 10
Reading
Rate Limiting, Throttling, and Abuse Prevention
Reading
GraphQL Security โ Introspection and Depth Limiting
Reading
API Gateways, API Keys, and mTLS for Service-to-Service Auth
Reading
Mass Assignment and Excessive Data Exposure
Reading
Practice โ Securing a REST API with Rate Limits and Schema Validation
Exercise
Production & Scale
Building for the real world
Manual Secure Code Review Methodology
Reading
Static Application Security Testing with Semgrep
Reading
Dynamic Application Security Testing with OWASP ZAP
Reading
Dependency Scanning and Software Composition Analysis
Reading
Triage, False Positives, and Severity Scoring with CVSS
Reading
Practice โ Running SAST/DAST Scans and Triaging Findings
Exercise
Mastery & Capstone
Projects and final review
Project Brief โ Black-Box Assessment of a Vulnerable Web App
Reading
Recon and Mapping the Application Attack Surface
Exercise
Exploiting Injection, Auth, and API Vulnerabilities
Exercise
Remediating Findings and Re-Testing Fixes
Exercise
Capstone โ Pentest Report with Remediation Plan
Project
100% Free ยท All lessons unlocked
Topic Overview
What you'll learn
- Core concepts and fundamentals of Web Application Security
- Industry best practices and design patterns
- Hands-on exercises with real-world scenarios
- Performance optimization and advanced techniques
- Building production-ready applications