Application Security Engineer
10.0
(1)
Tier 2 | Easy | Job Role Path | Web Hacking
This Path is for those aiming to become application security engineers. This Path covers web application security assessments, vulnerability analysis, and security hardening from an attacker’s perspective to develop practical skills.
Retail Price
4550 coins
When you subscribe
Free
Lectures: 82
Wargames: 34
Quizzes: 33
You can access locked objectives by upgrading your plan or purchasing the units separately.
The Lab is a practice and is not included in the overall progress.

Why It's Worth Your Time

Web application security goes beyond simply finding vulnerabilities; it requires a deep understanding of code, configuration, and architecture to systematically strengthen security. This Path is designed to teach not only the fundamentals of web application operations and major vulnerabilities but also advanced attack and bypass techniques through hands-on exercises. Learners will develop practical security skills and problem-solving abilities essential for real-world web development environments. It is ideal for building practical instincts needed for roles in security assessment, code review, and secure design. Additional Units will be updated progressively to match the learning flow.

Topics Covered

  • Understanding Linux system environments: Linux shell, user management, and package installation
  • Basics of web technology and cookie/session mechanisms
  • Hands-on web service development using HTML and Flask
  • Practical exercises on core web vulnerabilities: XSS, CSRF, SQLi, NoSQLi, Command/File Injection, SSRF
  • Advanced client-side attack techniques: CSP bypass, DOM XSS, RPO, CSTI, CSS Injection
  • Advanced server-side attack techniques: SQLi fingerprinting, WAF bypass

Recommended For

  • Aspiring web application security engineers
  • Those aiming for careers as security consultants or white-hat hackers
  • Beginners who want to build skills in finding and analyzing real-world web vulnerabilities
  • Those interested in web hacking and real-world security projects

Prerequisite Knowledge

  • Basic computer skills
  • Basic understanding of Python and HTML
  • Experience working in CLI (Command Line Interface) environments
Unit Composition
Total 33 units
  1. 1
    9.9
    (34)
    Free
    Learn the fundamental concepts of computer science that form the basis of hacking.
    Computer Science Basics
    Computer Science Basics
    64se64
  2. 2
    9.8
    (129)
    Free
    Learn how to set up a Linux environment on Apple Silicon Mac and Windows.
    Environment Setup for Linux
    Environment Setup for Linux
  3. 3
    9.6
    (129)
    Free
    Learn about the roles and types of shells, and examine the characteristics of commonly used Linux shells such as sh, bash, dash, and zsh.
    Linux Shell
    Linux Shell
  4. 4
    9.8
    (74)
    Free
    Learn about files and directories in Linux, and become familiar with basic commands for managing them.
    Linux Files and Directories
    Files and Directories
    Lab: Linux - File
    Pro
    Lab: Linux - Directory
    Pro
  5. 5
    9.8
    (45)
    Free
    Learn about environment variables in Linux and become familiar with basic commands used to manage them.
    Linux Environment Variable
    Environment Variables
  6. 6
    9.8
    (40)
    Free
    Understand how file and user permissions are managed in Linux, and learn commands related to user and group management.
    Users and Groups
    Users and Groups
    Lab: Linux - User
    Pro
  7. 7
    9.7
    (40)
    Free
    Understand what packages are in Linux and learn how to manage them using the `apt` and `apt-get` commands.
    APT Package Management
    APT Package Management
  8. 8
    9.6
    (18)
    Free
    Learn the basic usage of Vim, a widely used text editor in the Linux CUI environment.
    Vim
    Editor
  9. 9
    9.8
    (82)
    Free
    Explore the evolution of web communication, protocols, and browser functionalities.
    Web Basics
    Background: Web
    Background: HTTP/HTTPS
    Lab: HTTP Request & Response
    Pro
    Quiz: Web
    Quiz: HTTP/HTTPS
    Web Browser
    Background: Web Browser
    Tools: Browser DevTools
    Quiz: Web Browser
    Quiz: Browser DevTools
    [Exercise] devtools-sources
    Exercise: devtools-sources
    devtools-sources
  10. 10
    9.7
    (94)
    Free
    Understand key web security concepts such as cookies, sessions, SOP, and CORS.
    Cookie & Session
    Background: Cookie & Session
    Lab: Cookie & Session
    Pro
    Quiz: Cookie & Session
    [Exercise] Cookie
    Exercise: Cookie
    cookie
    [Exercise] Cookie & Session
    Exercise: Cookie & Session
    session-basic
    Same-Origin Policy (SOP)
    Mitigation: Same Origin Policy
    Lab: Same Origin Policy
    Pro
    Quiz: Same Origin Policy
  11. 11
    9.9
    (37)
    Free
    Learn the basic concepts and syntax of HTML, and gain hands-on experience building web pages through exercises.
    Background: HTML
    Background: HTML
  12. 12
    Learn what a web server is, then explore Flask — a web framework used to build web servers.
    Background: Flask
    Background: Flask
  13. 13
    Learn essential skills and structures needed for building web services, by implementing login and bulletin board features using HTML and Flask.
    Background: Database
    Background: Database
    Exercise: Implement Login Functionality
    Exercise: Implementing a Login Feature
    Exercise: Make Code Patterns Clean
    Exercise: Making Clean Code Patterns
    Exercise: Implement Bulletin Board Functionality
    Exercise: Implementing the Simple Bulletin Board feature
  14. 14
    9.7
    (33)
    Free
    Learn about XSS, a client-side vulnerability, and how to defend against it.
    Cross-Site Scripting (XSS)
    ClientSide: XSS
    Lab: Basic XSS
    Pro
    Quiz: XSS
    [Exercise] XSS
    Exercise: XSS
    xss-1
    [Exercise] XSS-2
    Exercise: XSS-2
    xss-2
  15. 15
    10.0
    (24)
    100
    Coin
    Free with subscription
    Understand how CSRF, a client-side vulnerability, works, how it differs from XSS, and learn how to defend against it.
    Cross-Site Request Forgery (CSRF)
    ClientSide: CSRF
    Lab: CSRF
    Pro
    Quiz: CSRF
    [Exercise] CSRF
    Exercise: CSRF
    csrf-1
    [Exercise] CSRF-2
    Exercise: CSRF-2
    csrf-2
  16. 16
    9.7
    (22)
    200
    Coin
    Free with subscription
    Understand SQL Injection and Blind SQL Injection, and their countermeasures through hands-on exercises.
    SQL Injection
    Background: Relational DBMS
    ServerSide: SQL Injection
    Lab: SQL Injection
    Pro
    Quiz: SQL Injection
    SQL DML
    Background: SQL DML
    Lab: SQL DML
    Pro
    Quiz: SQL DML
    SQL Features
    Background: SQL Features
    Lab: Subquery-based SQL Injection
    Pro
    Lab: Blind SQL Injection
    Pro
    Lab: Union-based SQL Injection
    Pro
    Quiz: SQL Features
    [Exercise] SQL Injection
    Exercise: SQL Injection
    Exercise: Blind SQL Injection
    simple_sqli
  17. 17
    10.0
    (11)
    100
    Coin
    Free with subscription
    Learn the fundamentals of NoSQL databases and exercise NoSQL Injection attacks and defenses using MongoDB.
    NoSQL Injection
    Background: Non-Relational DBMS
    ServerSide: NoSQL Injection
    Lab: NoSQL Injection
    Pro
    Quiz: NoSQL Injection
    [Exercise] NoSQL Injection
    Exercise: NoSQL Injection
    Mango
  18. 18
    10.0
    (12)
    100
    Coin
    Free with subscription
    Understand and learn Command Injection techniques and the input characteristics that cause them.
    Command Injection - Web Servers
    ServerSide: Command Injection
    Lab: Command Injection
    Pro
    Quiz: Command Injection
    [Exercise] Command Injection
    Exercise: Command Injection
    command-injection-1
  19. 19
    10.0
    (12)
    100
    Coin
    Free with subscription
    Explore potential security vulnerabilities in file upload and download functionalities of web servers.
    File Vulnerability
    ServerSide: File Vulnerability
    Lab: File Vulnerability
    Pro
    Quiz: File Vulnerability
    [Exercise] File Vulnerability
    Exercise: File Vulnerability
    image-storage
    [Exercise] File Vulnerability-2
    Exercise: File Vulnerability-2
    file-download-1
  20. 20
    10.0
    (4)
    50
    Coin
    Free with subscription
    Learn how SSRF, a server-side vulnerability, works and how to defend against it through hands-on exercise.
    Server-Side Request Forgery (SSRF)
    ServerSide: SSRF
    Quiz: SSRF
    [Exercise] Server-Side Request Forgery (SSRF)
    Exercise: SSRF
    web-ssrf
  21. 21
    10.0
    (2)
    Free
    Explore XSS filtering and bypass techniques.
    XSS Filtering Bypass - I
    [WHA-C] Exploit Tech: XSS Filtering Bypass - I
    Lab: XSS Filter Bypass - String Substitution
    Pro
    Lab: XSS Filter Bypass - String Detection
    Pro
    Quiz: XSS Filtering Bypass - I
    XSS Filtering Bypass - II
    [WHA-C] Exploit Tech: XSS Filtering Bypass - II
    Lab: XSS Filter Bypass - Javascript Function and Keyword Filters
    Pro
    Quiz: XSS Filtering Bypass - II
    [Exercise] XSS Filtering Bypass
    [WHA-C] Exercise: XSS Filtering Bypass
    XSS Filtering Bypass
    [Self-practice] XSS Filtering Bypass Advanced
    XSS Filtering Bypass Advanced
  22. 22
    10.0
    (2)
    400
    Coin
    Free with subscription
    Learn how Content Security Policy (CSP) helps defend against XSS attacks—and how it can be bypassed.
    Content Security Policy (CSP)
    [WHA-C] Background: Content Security Policy
    Quiz: Content-Security-Policy
    CSP Bypass
    [WHA-C] Exploit Tech: CSP Bypass
    Quiz: CSP bypass
    [Exercise] CSP Bypass
    [WHA-C] Exercise: CSP Bypass
    CSP Bypass
    [Self-practice] CSP Bypass Advanced
    CSP Bypass Advanced
  23. 23
    9.6
    (5)
    350
    Coin
    Free with subscription
    Learn about CSRF defenses like CSRF tokens and CORS—and how attackers can bypass them.
    CSRF Token Misuse
    [WHA-C] Exploit Tech: CSRF Token Misuse
    Quiz: Misuse of CSRF Token
    CORS Vulnerability
    [WHA-C] Exploit Tech: CORS Vulnerability
    Lab: postMessage
    Pro
    Quiz: CORS Bypass
    [Exercise] CSRF Bypass
    [WHA-C] Exercise: CSRF Advanced
    CSRF Advanced
  24. 24
    9.4
    (5)
    200
    Coin
    Free with subscription
    Understand CSTI vulnerabilities in frontend frameworks and learn how to exploit them for XSS attacks.
    Client-Side Template Injection (CSTI)
    [WHA-C] Exploit Tech: Client Side Template Injection
    Quiz: Client Side Template Injection
    [Exercise] Client Side Template Injection
    [WHA-C] Exercise: Client Side Template Injection
    Client Side Template Injection
  25. 25
    9.0
    (1)
    200
    Coin
    Free with subscription
    Explore CSS Injection techniques for web page UI manipulation and data exfiltration.
    CSS Injection
    [WHA-C] Exploit Tech: CSS Injection
    Lab: CSS Injection
    Pro
    Quiz: CSS Injection
    [Self-practice] CSS Injection
    CSS Injection
  26. 26
    0.0
    (0)
    250
    Coin
    Free with subscription
    Explore Relative Path Overwrite (RPO) vulnerabilities and their related attacks.
    Relative Path Overwrite
    [WHA-C] Exploit Tech: Relative Path Overwrite
    Quiz: Relative Path Overwrite
    [Exercise] Relative Path Overwrite
    [WHA-C] Exercise: Relative Path Overwrite
    Relative Path Overwrite
    [Self-practice] Relative Path Overwrite Advanced
    Relative Path Overwrite Advanced
  27. 27
    0.0
    (0)
    200
    Coin
    Free with subscription
    Explore DOM-related security vulnerabilities and attack methods.
    Document Object Model Vulnerability
    [WHA-C] Exploit Tech: Document Object Model Vulnerability
    Lab: DOM Clobbering
    Pro
    Quiz: Document Object Model Vulnerability
    [Self-practice] DOM XSS
    DOM XSS
  28. 28
    10.0
    (2)
    200
    Coin
    Free with subscription
    Learn how to bypass SOP using the XS-Search attack technique and extract sensitive information.
    XS-Search
    [WHA-C] Exploit Tech: XS-Search
    Quiz: XS-Search
    [Exercise] XS-Search
    [WHA-C] Exercise: XS-Search
    XS-Search
  29. 29
    0.0
    (0)
    700
    Coin
    Free with subscription
    Explore advanced SQL Injection techniques and WAF (Web Application Firewall) bypass strategies.
    Blind SQL Injection Advanced
    [WHA-S] ExploitTech: Blind SQL Injection Advanced
    Error & Time based SQL Injection
    [WHA-S] ExploitTech: Error & Time based SQL Injection
    [Exercise] Blind SQL Injection Advanced
    [WHA-S] Exercise: Blind SQL Injection Advanced
    blind sql injection advanced
    [Self-practice] Error & Time based Injection
    error based sql injection
    Bypass WAF
    [WHA-S] ExploitTech: Bypass WAF
    Lab: WAF Bypass
    Pro
    DBMS Misconfiguration
    [WHA-S] Exploit Tech: DBMS Misconfiguration
    Quiz: DBMS Misconfiguration
    [Exercise] Bypass WAF
    [WHA-S] Exercise: Bypass WAF
    sql injection bypass WAF
    [Self-practice] Bypass WAF Advanced
    sql injection bypass WAF Advanced
  30. 30
    9.7
    (11)
    Free
    Explore SQL Injection techniques for database fingerprinting and information gathering.
    System Table Fingerprinting
    [WHA-S] ExploitTech: System Table Fingerprinting
    Quiz: System Table Fingerprinting
    DBMS Fingerprinting
    [WHA-S] ExploitTech: DBMS Fingerprinting
    Quiz: DBMS Fingerprinting
  31. 31
    0.0
    (0)
    500
    Coin
    Free with subscription
    Learn in depth about security vulnerabilities and attack techniques targeting various NoSQL databases.
    CouchDB
    [WHA-S] ExploitTech: CouchDBMS
    MongoDB
    [WHA-S] ExploitTech: MongoDB DBMS
    Lab: MongoDB Injection
    Pro
    Lab: MongoDB Blind Injection
    Pro
    Quiz: MongoDB DBMS
    Redis
    [WHA-S] ExploitTech: Redis DBMS
    Lab: Redis
    Pro
    [Exercise] CouchDB
    [WHA-S] Exercise: CouchDB
    NoSQL-CouchDB
    [Self-practice] Redis
    phpMyRedis
  32. 32
    10.0
    (1)
    250
    Coin
    Free with subscription
    Explore command injection vulnerabilities and attack techniques across various environments.
    Command Injection for Linux
    [WHA-S] ExploitTech: Command Injection for Linux
    Command Injection for Windows
    [WHA-S] Background: Command Injection for Windows
    Quiz: Command Injection for Windows
    Command Injection Vulnerability Cases
    [WHA-S] ExploitTech: Command Injection Vulnerability cases
    Lab: PHP escapeshellcmd Command Injection
    Pro
    [Exercise] Command Injection Advanced
    [WHA-S] Exercise: Command Injection Advanced
    Command Injection Advanced
  33. 33
    0.0
    (0)
    650
    Coin
    Free with subscription
    Learn about file upload/download vulnerabilities across various environments and how to exploit them.
    File Vulnerabilities for Windows
    [WHA-S] Background: File Vulnerabilities for Windows
    Quiz: File Vulnerabilities for Windows
    File Vulnerabilities for Linux
    [WHA-S] Background: File Vulnerabilities for Linux
    Quiz: File Vulnerabilities for Linux
    File Vulnerability Cases
    [WHA-S] ExploitTech: File Vulnerability cases
    [Exercise] File Vulnerability Advanced
    [WHA-S] Exercise: File Vulnerability Advanced
    File Vulnerability Advanced for linux
    [Self-practice] Apache htaccess
    Apache htaccess
Reviews
10.0 (1)
20 days ago

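It felt like a light skim through the basic web hacking techniques. There are also quite a few wargames along the way, which is good for reviewing what you studied. However, there was less material than I expected and it ended quickly, so I hope more web hacking lectures come out.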
