What you'll learn:
- Understand the basics of Web Client-Server architecture and 3-tier enterprise application models
- Learn what APIs are, their structure, and how REST & SOAP APIs work in real-world systems
- Gain in-depth knowledge of HTTP/HTTPS protocols, headers, cookies, and request-response cycles
- Explore and analyze OWASP Top 10 Web & API vulnerabilities through real-time hands-on exercises
- Set up and test popular vulnerable applications like OWASP Juice Shop, Web Goat, Parabank, and more
- Perform port scanning using Nmap/Zenmap to discover open, filtered, and closed ports
- Install and use Burp Suite for performing manual security testing and penetration testing
- Capture, intercept, and tamper HTTP requests/responses using Burp tools like Proxy, Repeater, Intruder
- Scan REST and SOAP APIs for vulnerabilities using Vooki Security Testing Tool
- Test Android APK files for security flaws using Yazhini, Dex2Jar & JD-GUI
- Scan open-source code repositories for vulnerabilities using Snyk and interpret SAST reports
- Generate detailed security test reports for websites, APIs, and Android applications
IMPORTANT NOTE
Please Note: This course is pulled out from live sessions. So, you will hear student interactions as well. We recommend watching the free preview videos to ensure the teaching style and content meet your expectations before investing your time and money.
COURSEDESCRIPTION
This course offers an in-depth, hands-on journey into the world of Web Application and API Security Testing, combining foundational concepts with practical exercises using real-world vulnerable applications and industry-standard tools. From understanding the fundamentals of web architecture and HTTP protocols to exploring OWASP Top 10 vulnerabilities, the curriculum provides a comprehensive roadmap for mastering both Web and API security.
Learners will be introduced to various types of APIs including REST and SOAP, along with critical security testing techniques using tools like Burp Suite, Vooki, Yazhini, Nmap/Zenmap, and Snyk. You'll learn how to simulate attacks, identify vulnerabilities, and understand how enterprise applications function across front-end, back-end, and database layers.
Additionally, the course includes the setup and exploitation of popular intentionally vulnerable applications like OWASP Juice Shop, Web Goat, and more. With a strong focus on hands-on experience, the course also covers Android APK security testing and scanning open-source code for vulnerabilities.
Whether you're a beginner or a security enthusiast, this course will help you gain confidence in understanding, identifying, and mitigating security flaws in modern web applications and APIs.
