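It feels like a light skim over the basic web hacking techniques. There are also quite a few wargames along the way, which makes it good for reviewing what you have studied. However, there was less material than I expected and it was over quickly, so I hope more web hacking lectures come out.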
Application Security Engineer
This Path is for those aiming to become application security engineers. This Path covers web application security assessments, vulnerability analysis, and security hardening from an attacker’s perspective to develop practical skills.
Retail Price: 4550 coins (Free when you subscribe)
Lecture: 82
Wargame: 34
Quiz: 33
The Lab is a practice and is not included in the overall progress.
Why It's Worth Your Time
Web application security goes beyond simply finding vulnerabilities; it requires a deep understanding of code, configuration, and architecture to systematically strengthen security. This Path is designed to teach not only the fundamentals of web application operations and major vulnerabilities but also advanced attack and bypass techniques through hands-on exercises. Learners will develop practical security skills and problem-solving abilities essential for real-world web development environments. It is ideal for building practical instincts needed for roles in security assessment, code review, and secure design. Additional Units will be updated progressively to match the learning flow.
Topics Covered
- Understanding Linux system environments: Linux shell, user management, and package installation
- Basics of web technology and cookie/session mechanisms
- Hands-on web service development using HTML and Flask
- Practical exercises on core web vulnerabilities: XSS, CSRF, SQLi, NoSQLi, Command/File Injection, SSRF
- Advanced client-side attack techniques: CSP bypass, DOM XSS, RPO, CSTI, CSS Injection
- Advanced server-side attack techniques: SQLi fingerprinting, WAF bypass
Recommended For
- Aspiring web application security engineers
- Those aiming for careers as security consultants or white-hat hackers
- Beginners who want to build skills in finding and analyzing real-world web vulnerabilities
- Those interested in web hacking and real-world security projects
Prerequisite Knowledge
- Basic computer skills
- Basic understanding of Python and HTML
- Experience working in CLI (Command Line Interface) environments
Unit Composition
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
  - Web Basics
    - Background: Web
    - Background: HTTP/HTTPS
    - Lab: HTTP Request & Response
    - Quiz: Web
    - Quiz: HTTP/HTTPS
  - Web Browser
    - Background: Web Browser
    - Tools: Browser DevTools
    - Quiz: Web Browser
    - Quiz: Browser DevTools
  - [Exercise] devtools-sources
    - Exercise: devtools-sources
    - devtools-sources
- 10
  - Cookie & Session
    - Background: Cookie & Session
    - Lab: Cookie & Session
    - Quiz: Cookie & Session
  - [Exercise] Cookie
    - Exercise: Cookie
    - cookie
  - [Exercise] Cookie & Session
    - Exercise: Cookie & Session
    - session-basic
  - Same-Origin Policy (SOP)
    - Mitigation: Same Origin Policy
    - Lab: Same Origin Policy
    - Quiz: Same Origin Policy
- 11
- 12
- 13
  Learn essential skills and structures needed for building web services, by implementing login and bulletin board features using HTML and Flask.
  - Background: Database
    - Background: Database
  - Exercise: Implement Login Functionality
    - Exercise: Implementing a Login Feature
  - Exercise: Make Code Patterns Clean
    - Exercise: Making Clean Code Patterns
  - Exercise: Implement Bulletin Board Functionality
    - Exercise: Implementing the Simple Bulletin Board feature
- 14
- 15 (100 Coin; Free with subscription)
  Understand how CSRF, a client-side vulnerability, works, how it differs from XSS, and learn how to defend against it.
  - Cross-Site Request Forgery (CSRF)
    - ClientSide: CSRF
    - Lab: CSRF
    - Quiz: CSRF
  - [Exercise] CSRF
    - Exercise: CSRF
    - csrf-1
  - [Exercise] CSRF-2
    - Exercise: CSRF-2
    - csrf-2
- 16 (200 Coin; Free with subscription)
  Understand SQL Injection and Blind SQL Injection, and their countermeasures through hands-on exercises.
  - SQL Injection
    - Background: Relational DBMS
    - ServerSide: SQL Injection
    - Lab: SQL Injection
    - Quiz: SQL Injection
  - SQL DML
    - Background: SQL DML
    - Lab: SQL DML
    - Quiz: SQL DML
  - SQL Features
    - Background: SQL Features
    - Lab: Subquery-based SQL Injection
    - Lab: Blind SQL Injection
    - Lab: Union-based SQL Injection
    - Quiz: SQL Features
  - [Exercise] SQL Injection
    - Exercise: SQL Injection
    - Exercise: Blind SQL Injection
    - simple_sqli
- 17 (100 Coin; Free with subscription)
  Learn the fundamentals of NoSQL databases and exercise NoSQL Injection attacks and defenses using MongoDB.
  - NoSQL Injection
    - Background: Non-Relational DBMS
    - ServerSide: NoSQL Injection
    - Lab: NoSQL Injection
    - Quiz: NoSQL Injection
  - [Exercise] NoSQL Injection
    - Exercise: NoSQL Injection
    - Mango
- 18 (100 Coin; Free with subscription)
  Understand and learn Command Injection techniques and the input characteristics that cause them.
  - Command Injection - Web Servers
    - ServerSide: Command Injection
    - Lab: Command Injection
    - Quiz: Command Injection
  - [Exercise] Command Injection
    - Exercise: Command Injection
    - command-injection-1
- 19 (100 Coin; Free with subscription)
  Explore potential security vulnerabilities in file upload and download functionalities of web servers.
  - File Vulnerability
    - ServerSide: File Vulnerability
    - Lab: File Vulnerability
    - Quiz: File Vulnerability
  - [Exercise] File Vulnerability
    - Exercise: File Vulnerability
    - image-storage
  - [Exercise] File Vulnerability-2
    - Exercise: File Vulnerability-2
    - file-download-1
- 20 (50 Coin; Free with subscription)
  Learn how SSRF, a server-side vulnerability, works and how to defend against it through hands-on exercise.
  - Server-Side Request Forgery (SSRF)
    - ServerSide: SSRF
    - Quiz: SSRF
  - [Exercise] Server-Side Request Forgery (SSRF)
    - Exercise: SSRF
    - web-ssrf
- 21
  - XSS Filtering Bypass - I
    - [WHA-C] Exploit Tech: XSS Filtering Bypass - I
    - Lab: XSS Filter Bypass - String Substitution
    - Lab: XSS Filter Bypass - String Detection
    - Quiz: XSS Filtering Bypass - l
  - XSS Filtering Bypass - II
    - [WHA-C] Exploit Tech: XSS Filtering Bypass - II
    - Lab: XSS Filter Bypass - Javascript Function and Keyword Filters
    - Quiz: XSS Filtering Bypass - ll
  - [Exercise] XSS Filtering Bypass
    - [WHA-C] Exercise: XSS Filtering Bypass
    - XSS Filtering Bypass
  - [Self-practice] XSS Filtering Bypass Advanced
    - XSS Filtering Bypass Advanced
- 22 (400 Coin; Free with subscription)
  Learn how Content Security Policy (CSP) helps defend against XSS attacks, and how it can be bypassed.
  - Content Security Policy (CSP)
    - [WHA-C] Background: Content Security Policy
    - Quiz: Content-Security-Policy
  - CSP Bypass
    - [WHA-C] Exploit Tech: CSP Bypass
    - Quiz: CSP bypass
  - [Exercise] CSP Bypass
    - [WHA-C] Exercise: CSP Bypass
    - CSP Bypass
  - [Self-practice] CSP Bypass Advanced
    - CSP Bypass Advanced
- 23 (350 Coin; Free with subscription)
  Learn about CSRF defenses like CSRF tokens and CORS, and how attackers can bypass them.
  - CSRF Token Misuse
    - [WHA-C] Exploit Tech: CSRF Token Misuse
    - Quiz: Misuse of CSRF Token
  - CORS Vulnerability
    - [WHA-C] Exploit Tech: CORS Vulnerability
    - Lab: postMessage
    - Quiz: CORS Bypass
  - [Exercise] CSRF Bypass
    - [WHA-C] Exercise: CSRF Advanced
    - CSRF Advanced
- 24 (200 Coin; Free with subscription)
  Understand CSTI vulnerabilities in frontend frameworks and learn how to exploit them for XSS attacks.
  - Client-Side Template Injection (CSTI)
    - [WHA-C] Exploit Tech: Client Side Template Injection
    - Quiz: Client Side Template Injection
  - [Exercise] Client Side Template Injection
    - [WHA-C] Exercise: Client Side Template Injection
    - Client Side Template Injection
- 25
- 26 (250 Coin; Free with subscription)
  Explore Relative Path Overwrite (RPO) vulnerabilities and their related attacks.
  - Relative Path Overwrite
    - [WHA-C] Exploit Tech: Relative Path Overwrite
    - Quiz: Relative Path Overwrite
  - [Exercise] Relative Path Overwrite
    - [WHA-C] Exercise: Relative Path Overwrite
    - Relative Path Overwrite
  - [Self-practice] Relative Path Overwrite Advanced
    - Relative Path Overwrite Advanced
- 27 (200 Coin; Free with subscription)
  Explore DOM-related security vulnerabilities and attack methods.
  - Document Object Model Vulnerability
    - [WHA-C] Exploit Tech: Document Object Model Vulnerability
    - Lab: DOM Clobbering
    - Quiz: Document Object Model Vulnerability
  - [Self-practice] DOM XSS
    - DOM XSS
- 28
- 29 (700 Coin; Free with subscription)
  Explore advanced SQL Injection techniques and WAF (Web Application Firewall) bypass strategies.
  - Blind SQL Injection Advanced
    - [WHA-S] ExploitTech: Blind SQL Injection Advanced
  - Error & Time based SQL Injection
    - [WHA-S] ExploitTech: Error & Time based SQL Injection
  - [Exercise] Blind SQL Injection Advanced
    - [WHA-S] Exercise: Blind SQL Injection Advanced
    - blind sql injection advanced
  - [Self-practice] Error & Time based Injection
    - error based sql injection
  - Bypass WAF
    - [WHA-S] ExploitTech: Bypass WAF
    - Lab: WAF Bypass
  - DBMS Misconfiguration
    - [WHA-S] Exploit Tech: DBMS Misconfiguration
    - Quiz: DBMS Misconfiguration
  - [Exercise] Bypass WAF
    - [WHA-S] Exercise: Bypass WAF
    - sql injection bypass WAF
  - [Self-practice] Bypass WAF Advanced
    - sql injection bypass WAF Advanced
- 30
- 31 (500 Coin; Free with subscription)
  Learn in depth about security vulnerabilities and attack techniques targeting various NoSQL databases.
  - CouchDB
    - [WHA-S] ExploitTech: CouchDBMS
  - MongoDB
    - [WHA-S] ExploitTech: MongoDB DBMS
    - Lab: MongoDB Injection
    - Lab: MongoDB Blind Injection
    - Quiz: MongoDB DBMS
  - Redis
    - [WHA-S] ExploitTech: Redis DBMS
    - Lab: Redis
  - [Exercise] CouchDB
    - [WHA-S] Exercise: CouchDB
    - NoSQL-CouchDB
  - [Self-practice] Redis
    - phpMyRedis
- 32 (250 Coin; Free with subscription)
  Explore command injection vulnerabilities and attack techniques across various environments.
  - Command Injection for Linux
    - [WHA-S] ExploitTech: Command Injection for Linux
  - Command Injection for Windows
    - [WHA-S] Background: Command Injection for Windows
    - Quiz: Command Injection for Windows
  - Command Injection Vulnerability Cases
    - [WHA-S] ExploitTech: Command Injection Vulnerability cases
    - Lab: PHP escapeshellcmd Command Injection
  - [Exercise] Command Injection Advanced
    - [WHA-S] Exercise: Command Injection Advanced
    - Command Injection Advanced
- 33 (650 Coin; Free with subscription)
  Learn about file upload/download vulnerabilities across various environments and how to exploit them.
  - File Vulnerabilities for Windows
    - [WHA-S] Background: File Vulnerabilities for Windows
    - Quiz: File Vulnerabilities for Windows
  - File Vulnerabilities for Linux
    - [WHA-S] Background: File Vulnerabilities for Linux
    - Quiz: File Vulnerabilities for Linux
  - File Vulnerability Cases
    - [WHA-S] ExploitTech: File Vulnerability cases
  - [Exercise] File Vulnerability Advanced
    - [WHA-S] Exercise: File Vulnerability Advanced
    - File Vulnerability Advanced for linux
  - [Self-practice] Apache htaccess
    - Apache htaccess