
Web Application Security Assessment

What you'll learn

This learning path will teach you how to scan your organizations' or beneficiaries' websites for potential vulnerabilities.

Last updated on: 20 August 2024

Modules

Start here

Introduction

Read the learning path overview, objectives, associated threats, and prerequisites

Module 1

Setup

We introduce and set up some key web security assessment tools

Module 2

Data Validation

Every web application accepts and processes untrusted input. Here we learn how to discover common vulnerabilities that take advantage of it.

Module 3

Authentication and Authorization

Many web apps will only allow particular users to view certain pieces of content and require them to log in or prove their identity in other ways. This subtopic looks into authentication and authorization, and the vulnerabilities that can arise in them.

Module 4

Application Logic and Related Vulnerabilities

Other types of vulnerabilities, not covered in the above subtopics, could nonetheless be used to damage a web app or gain unauthorized entry into it. We look at several of those.

Module 5

Finding Web Application Vulnerabilities

Once you have learned about different types of vulnerabilities, it's time to look for them in the web applications you are testing! To start with and get some initial practice, you will test a deliberately vulnerable web application.

Module 6

Refining Your Web Application Testing Process

Once you’ve figured out the fundamentals of finding vulnerabilities in websites, this subtopic will teach you a process to find those vulnerabilities more quickly and efficiently.

Module 7

Automatic Vulnerability Discovery

In past subtopics, we looked at how to discover vulnerabilities by hand. Here, we explore tools that can help automate that process.

Module 8

Next Steps

How to continue practicing and honing your web security assessment skills