Web Security Professional

Elevate your web security expertise with web security professional. This comprehensive course explores advanced subjects such as authentication attacks, mastering Cross-Site Scripting (XSS) techniques, Server-Side Request Forgery (SSRF), XML External Entity (XXE) injection, and much more.

(290 reviews)

Professional Level

35+ hours

Discount Save 16% on Ethical Hacking 101

Created by

Semicolon Academy

Everything You Need to Know – Watch Now!

This course includes

35+ Practical Learning Hours
268 On-Demand Video
55 Lab & Real World Example
Certificate of completion

$600

Enroll Now

Need assistance? WhatsApp us now!

What you'll learn

Gain a profound insight into the intricacies of web architecture.
Master the usage of Burp Suite to uncover and exploit security weaknesses effectively.
Identify and exploit authentication vulnerabilities to gain unauthorized access to webapps.
Exploiting web vulnerabilities like logical vulnerabilities, IDOR, CSRF, XSS, Injections, and more.
Exploiting vulnerabilities like XSS, LFI/RFI, SSRF, XXE injection, CVEs and File Upload Vulnerabilities.

Course Syllabus

Getting Started

Welcome to "WETH-201"

Chapter 1: Understanding The Web Architecture

Download Link (Resources)
What is Server?
Server - Demo
What is DNS?
DNS - Demo
Simple Web Application Architecture
HTTP REQUEST / RESPONSE
Web 2.0 | Frontend
Web 2.0 | Frontend - Demo
Web 2.0 | Backend
Web 2.0 | Backend - Demo
Cookies and Sessions
Web 2.0 | Backend | Cookie - Demo
Web 2.0 | Database
Web 2.0 | Database - Demo
Modern Web App Architecture | MPA
Hosting Your First Web APP
Web Application Logging
SPA & Demo
How Does The Backend Receive Data?
WEB API | RESTful & Demo
WEB API | GraphQL & Demo
WEB API | API Key & Demo
Web Socket
Web Server In a Network
Load Balancer
Web Caching
Content Delivery Networks (CDNs)
Web Application FireWall
Am I a Pro Web Developer Now?

Chapter 2: Mastering Burp Suite Techniques

Recap | Web App Basics
Recap | Live Demo
Proxy Tool
Burp Suite | Getting Started
Burp Suite Overview
HTTP History
Web Socket
Web Socket LAB
Filter | Settings Mode by Annotations
Filter | Settings mode by MimeType & File Extensions
Filter | Settings Mode by Search Term
Filter | Settings Mode by Status Code
Filter | Bambda mode
Target Site Scope
Target Site Scope | Import Settings
Target Site Map
Target Site Map | Practical
Target Site Map Filtering
Configuring Burp Suite With Browsers
Proxy Listeners
Intercepting HTTP and HTTPS traffic
SSL/TLS Pinning
Burp Certificate With Firefox
Warning
Burp Certificate With Chrome
Foxy Proxy
Foxy Proxy | Practical
Intercept Requests | Theoretical
Intercept Requests | Practical
Intercept Responses| Theoretical
Intercept Responses| Practical
Intercept Rules
Repeater
Repeater Manage Tabs
Match and Replace | Theoretical
Match and Replace | Practical
Match and Replace Program Policy
Decoder | Theoretical
Decoder | Practical
Decoder | Inspector
Intuder | Theoretical
Intuder | Practical
Intruder | Sniper
Intruder | Sniper | Practical
Intruder | Battering Ram
Intruder | Battering Ram | Practical
Intruder | Pitchfork
Intruder | Pitchfork | Practical
Inruder | Cluster bomb
Inruder | Cluster bomb | Practical
Comparer
BApp Store
Logger++
Troubleshooting
Should I Buy Burp Pro Now?
Ending

Chapter 3: Authentication Attacks

Getting Started
Authentication
Authorization
Authentication Vs Authorization
Authentication Types
Authentication Best Practices
Authentication OWASP Guidlines
Authentication Methods
Cookie Based Authentication
Cookie Based Authentication | Explore
Cookie Based Authentication Practicing
Session Management
Cookie Based Authentication | Set-Cookie
Cookie Based Authentication | Cookies Attach
Cookie Based Authentication | Explore
Cookie Attributes
Cookie Attributes | HttpOnly
Cookie Attributes | HttpOnly Real World Example
Cookie Attributes | Expires/Max-Age
Cookie Attributes | Secure
Cookie Attributes | Secure - Real World Example
Cookie Attributes | Domain
Cookie Attributes | Path
Cookie Attributes | SameSite Overview
Cross Site vs SameSite
Cross Site vs SameSite Challenge
Top Level Navigation
Embedded Content
Requests API
Cookie Attributes | Samesite Values
Cookie Attributes | SameSite None
Cookie Attributes | SameSite Strict
Cookie Attributes | SameSite Lax
Cookie Attributes | SameSite Summury
Cookie Attributes | Quiz
Cookie Attributes | SameSite Demo - Top Level Navigation
Cookie Attributes | SameSite Demo - Embedded Content
Cookie Attributes | SameSite Demo - API SOP/CORS
Cookie Attributes | Bug Validity
Cookies Attack - IDOR
Cookies Attack- IDOR Real World Example 1
Cookies Attack- IDOR Real World Example 2
Cookie Attacks - Injections
Cookie Attacks - Privilege Escalation
Token Based Authentication
Token vs Cookie-Based Authentication: Part 1
Token vs Cookie-Based Authentication: Part 2
Access Token - Facebook Live Demo
Access Token - Spotify Live Demo
Attacking Tokens Overview
Token Leakage - Vulnerable Endpoints
Token Leakage - 2FA
Token Leakage - Real World Example
Token Leakage - Source Code
Accessing Admin Panel - Real World Example 1
Shopify Real World Example
Token Leakage - Insecure Transmission Channel
Attacking Tokens - Brute Force Attack
Attacking Tokens - Privilege Escalation
Token Expiration
Token Expiration - Facebook
Instagram Permanent Access - Real-world Example
JWT
JWT - Header and Payload
JWT - Signature
JWT Demo
JWT - Burp Extensions
JWT LAB 1
JWT - Header Attack
JWT LAB 2
JWT Weak Key
JWT - Automation
JWT Real World Example
Ending

Chapter 4: Advanced XSS

XSS - Recap (Reflected & Stored)
DOM-Based XSS | What is DOM ?
DOM-Based XSS | Manipulating DOM Nodes
DOM-Based XSS | Sources & Sinks
DOM-Based XSS | Exploit Example
DOM-Based XSS | DOM vs Reflected
DOM-Based XSS | Lab 1
DOM-Based XSS | Lab 2
DOM-Based XSS | Real World Example 1
DOM-Based XSS | Real World Example 2
XSS - Quick Summary
Advanced XSS Exploitation
Input Validation & Output Encoding
Lab 3 | Output Encoding - Google Translate
Filter Evasion
LAB 4 | Filter Evasion Challenge - I
LAB 5 | Filter Evasion Challenge - II
LAB 6 | Filter Evasion Challenge - III
Content Security Policy (CSP)
Content Security Policy (CSP) | Examples
Content Security Policy (CSP)| Bypasses
Lab 7 | Reflected XSS protected by CSP, With CSP Bypass
CSP Real World Example
Exploring CSP Validator
Web Application Firewall (WAF)
Lab 8 | Bypassing WAF
WAF Bypasses Regex Advanced
Lab 9 | Stored DOM XSS
Lab 10 | Exploiting Clickjacking Vulnerability To Trigger DOM-Based XSS
Lab 11 | Exploiting XSS To Perform CSRF
Automating The Discovery of XSS
Resources and Tricks | Ending Video

Chapter 5: XML External Entity Injection XXE

Extensible Markup Language (XML)
XML File
Document Type Definition (DTD)
DTD - Elements
DTD - XML Internal Entities
DTD - XML External Entities
DTD - XML Parameter Entities
External DTD
XML Illegal Characters
XML External Entity (XXE) Injection - Impact - Severity
XXE Types: In Band XXE - Retrieve Files
XXE | LAB 1
In Band XXE | SSRF
XXE | LAB 2
BLIND | Out of Band XXE
LAB 3 & LAB 4
OOB XXE | Exfiltrating Files
XXE | LAB 5
Retrieve Special Files
BLIND | Error Based XEE
XXE | LAB 6
Controlling Part of The XML
XXE | LAB 7
Real World Example 1
Real World Example 2
Where To Search For XEE?
XXE Mitigation & Extra Resources

Show More Chapters

Learn from real hackers

Majd Dhainy

Course Instructor

Cybersecurity Researcher with a strong background in software engineering, specializing in securing web services, enhancing APIs, and addressing issues from requirements to deployment. Acknowledged for uncovering global vulnerabilities, listed on bug bounty Hall of Fames for Meta, Google, Revolut, LinkedIn, Medium, Trivago, and more.

Linkedin Facebook