• Introduction to Web Application Pentesting
• Web Application Lab Setup
• Burp Suite Installation and Proxy Setup
• Web Application Penetration Testing Tools
• Web Hacking Methodology
• Footprinting
• Server Footprinting
• Port Footprinting
• Service Footprinting
• Banner Grabbing or Footprinting
• WAF Detection
• Hidden Content Footprinting
• Load Balancer Detection
• Web Application Analysis
• OWASP Top 10
• A1 Injection Flaws
• A2 Broken Authentication
• A3 Sensitive Data Exposure
• A4 XML External Entities (XXE)
• A5 Broken Access Control
• A6 Security Misconfiguration
• A7 Cross-Site Scripting (XSS)
• A8 Insecure Deserialization
• A9 Using Components with Known Vulnerabilities
• A10 Insufficient Logging & Monitoring
• Other Web Application Threats
• Solving Web-CTF Machine