Hands-On Web Application Testing

Cyber Toa’s Hands-On Web Application Testing course is for those wishing to learn the fundamentals of testing websites, APIs and web apps against commonly exploited vulnerabilities, following the Open Web Application Security Project (OWASP) methodology. It uses a range of interactive scenarios, case studies, videos and activities based on real-life situations, so you can reflect on your own behavior and learn to make the right choices.

The Hands-On Web Application Testing course is run through Cyber Toa’s E-Learning Platform.

Course Content

This course will teach you the fundamental principles of assessing web systems for commonly exploited vulnerabilities. The course explains, in detail, the most common web vulnerabilities as reported in the 2017 OWASP Top 10 vulnerabilities report. It also covers a variety of manual and automated web vulnerability testing tools, such as ZAP (Zed Attack Proxy) and Arachni. Studying the course can also help to build the prerequisites for more advanced IT security courses, including Cyber Toa’s Defensive Network Security course and the Cyber Toa Reconnaissance and Recovery course.

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises, and a comprehensive glossary.

The course includes:

  • OWASP Top 10 web vulnerabilities

  • ZAP testing fundamentals

  • WebGoat vulnerability learning tools

  • Authenticated Assessments


This course is aimed at IT professionals with (or seeking) job roles such as IT Security Analysts, Software Developers, Software Testers, Application Managers or Web Developers.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Know basic network terminology and functions, such as the OSI model, topology, etc.

  • Know the fundamentals of modern web technologies, such as HTML5, CSS, SQL, etc.

  • Understand the basics of server-client interactions


On course completion, you will be able to:

  • Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization

  • Use ZAP, Arachni and other testing tools to assess the security of an existing web

  • Use the OWASP Application Security Verification Standard (ASVS v3) and the Security Knowledge Framework (SKF) to manually assess the security of a web application

  • Create a prioritized list of remediation recommendations based on the results of a web vulnerability assessment

  • Use the WebGoat learning resource to understand an application with known vulnerabilities

  • Understand the risk to business that web vulnerabilities pose compared to other common cyber security risks
