End-to-End Security Testing: OWASP, Burp Suite, Nmap, Vooki

From Zero to Exploit: Practical Security Testing of Web, API, Android & Source Code

What you'll learn
- Understand the basics of Web Client-Server architecture and 3-tier enterprise application models
- Learn what APIs are, their structure, and how REST & SOAP APIs work in real-world systems
- Gain in-depth knowledge of HTTP/HTTPS protocols, headers, cookies, and request-response cycles
- Explore and analyze OWASP Top 10 Web & API vulnerabilities through real-time hands-on exercises
- Set up and test popular vulnerable applications like OWASP Juice Shop, Web Goat, Parabank, and more
- Perform port scanning using Nmap/Zenmap to discover open, filtered, and closed ports
- Install and use Burp Suite for performing manual security testing and penetration testing
- Capture, intercept, and tamper HTTP requests/responses using Burp tools like Proxy, Repeater, Intruder
- Scan REST and SOAP APIs for vulnerabilities using Vooki Security Testing Tool
- Test Android APK files for security flaws using Yazhini, Dex2Jar & JD-GUI
- Scan open-source code repositories for vulnerabilities using Snyk and interpret SAST reports
- Generate detailed security test reports for websites, APIs, and Android applications

Requirements
- Basic understanding of how web applications work (client-server model is helpful)
- Familiarity with software testing or QA concepts (not mandatory but recommended)
- No prior knowledge of security testing required – all tools and concepts are explained from scratch
- A Windows/Linux machine with internet access to install and run security testing tools
- Willingness to learn through hands-on practice using real-world vulnerable applications

Description
IMPORTANT NOTE

Please Note:This course is pulled out from live sessions. So, you will hear student interactions as well. We recommend watching the free preview videos to ensure the teaching style and content meet your expectations before investing your time and money.

COURSE DESCRIPTION

This course offers an in-depth, hands-on journey into the world ofWeb Application and API Security Testing, combining foundational concepts with practical exercises using real-world vulnerable applications and industry-standard tools. From understanding the fundamentals of web architecture and HTTP protocols to exploring OWASP Top 10 vulnerabilities, the curriculum provides a comprehensive roadmap for mastering bothWeb and API security.

Learners will be introduced to various types of APIs including REST and SOAP, along with critical security testing techniques using tools likeBurp Suite, Vooki, Yazhini, Nmap/Zenmap, and Snyk. You'll learn how to simulate attacks, identify vulnerabilities, and understand how enterprise applications function across front-end, back-end, and database layers.

Additionally, the course includes thesetup and exploitation of popular intentionally vulnerable applicationslike OWASP Juice Shop, Web Goat, and more. With a strong focus on hands-on experience, the course also covers Android APK security testing and scanning open-source code for vulnerabilities.

Whether you're a beginner or a security enthusiast, this course will help you gain confidence in understanding, identifying, and mitigating security flaws in modern web applications and APIs.

Who this course is for:
- Manual and Automation Testers who want to expand into Security Testing
- QA Engineers interested in learning API Security and Web Vulnerability Assessment
- Beginners in cybersecurity looking for practical, hands-on exposure
- Developers who want to understand common security flaws in web and API implementations
- Students or freshers seeking to build a strong foundation in Web Application Security
- Anyone preparing for roles like Security Tester, Penetration Tester, or Ethical Hacker
- Trainers and instructors looking to deliver real-time security concepts and tools
More Info