Web Security | Cycerone

20 hours to complete

Scheduled hours: 5 hours
Estimated study hours: 15 hours

Advanced

Advanced experience required

Instructor

Matteo Golinelli
Researcher

Language

English, Italiano
Subtitles: English, Italiano

This course provides a structured introduction to web application security through a combination of concise theory and hands-on exercises. It is designed for learners with basic familiarity with web technologies and general cybersecurity concepts who want to develop practical skills in identifying and exploiting common web vulnerabilities. The course covers how web applications work at a fundamental level, including the HTTP protocol, and examines both server-side and client-side security issues. Topics include input validation flaws, file handling vulnerabilities, injection attacks, authentication and logic weaknesses, and browser-based attacks. Practical learning is delivered through a series of progressively challenging exercises that simulate real-world scenarios, where participants are required to analyse application behaviour, identify weaknesses, and apply appropriate exploitation techniques. After completing the course, participants will be able to systematically assess web applications for common security flaws, understand how these vulnerabilities can be exploited, and interpret the impact of successful attacks.

Learning Objectives

Analyse HTTP requests and responses to understand web application behaviour.
Identify and exploit common server-side vulnerabilities, including file disclosure, path traversal, and injection flaws.
Apply SQL injection techniques to extract and manipulate data in controlled environments.
Detect and exploit client-side vulnerabilities such as XSS and CSRF.
Evaluate application logic to identify authentication and business logic weaknesses.
Use systematic approaches to enumerate, test, and validate web application attacks.

Prerequisites

Knowledge of basic HTTP concepts
Familiarity with web applications
Basic experience with scripting languages (e.g., JavaScript and Python)
General knowledge of cybersecurity fundamentals.

Topics dealt with

Offensive SecuritySecure Development

Earn a certificate

A certificate of completion is available for this course. For more information, contact the course provider directly.

Build your expertise

This course is part of the following learning pathways: Secure Software & DevSecOps, Penetration Tester

Cybersecurity skills are not built in a single session. Following a structured learning pathway helps you develop a complete and consistent skill set: step by step, at your own pace.

Not sure where to start?

Learn how the Cycerone portal works, how courses and learning pathways are organized, and how to find the training opportunities that best match your needs.

Discover how it works