Back

Security Testing Masterclass: Web, API and Mobile Application Security- Day 1

Security Testing Masterclass: Web, API and Mobile Application Security- Live Training (Web, API & Mobile Security with Burp Suite, Vooki, Nmap, Zenmap, OWASP Juice Shop, WebGoat, Yazhini, Dex2Jar, JD-GUI, Snyk & More)   This course introduces participants to OWASP security …

Event Information

  • Price Rs.7,900.00 per participant
  • Start Time 8:00 pm January 22, 2026
  • Finish Time 9:00 pm January 22, 2026
  • Capacity Limited to 100 people

Security Testing Masterclass: Web, API and Mobile Application Security- Live Training

(Web, API & Mobile Security with Burp Suite, Vooki, Nmap, Zenmap, OWASP Juice Shop, WebGoat, Yazhini, Dex2Jar, JD-GUI, Snyk & More)

 

This course introduces participants to OWASP security concepts associated with REST APIs, SOAP APIs & Web applications. This is a foundation course & we encourage you to take this skill upgrade if you are a beginner in security world. This course uses vulnerable REST APIs, SOAP APIs & Web applications to demonstrate, identify security vulnerabilities as per OWASP top#10 standards.

 

About the Instructor:

Kiran is an ITIL qualified Full Stack SDET specialist, Corporate Trainer and Consultant with over 19 years of experience in leading & delivering corporate training with tangible direction to IT professionals by imparting white-box knowledge in Software Testing, Security Testing, Test Automation, Test Practices & Competencies, Corporate Trainings & TCoE Delivery.

We cannot be good at something unless we like it and have fun doing it. The approach I take in my training sessions is to get the participants excited about technology and make it entertaining. I would like to consider myself an “Entertrainer”.

→ Successfully trained 6000+ employees across 500+ corporate giants & is still counting
→ Real time experience in delivering online, recorded, on-demand & classroom/live training programs, with hands-on experience on multiple domains/verticals

→ Has been a trainer for both in-house as well as public, corporate programs and has streamlined the development of training material and training process for QA related areas, across corporate clientele and contributing to bottom line customer satisfaction

 

Sample Videos:

“Security Testing Masterclass: Web, API and Mobile Application Security”-Demo Video

 

Live Sessions Price:

For LIVE sessions – Offer price after discount is 149 USD 139 USD 99 USD Or 15000 INR 13000 INR 7900 Rupees.

Enroll For Free Demo

OR

Whatsapp

Free Day 1 On:

Indian Timings: 22nd January @ 8 PM – 9 PM (IST)/

U.S Timings: 22nd January @ 9:30 AM – 10:30 AM (EST)/

U.K Timings: 22nd January @ 2:30 PM – 3:30 PM (BST)

 

Class Schedule:

For Participants in India: Monday to Friday 8 PM – 9 PM (IST)

For Participants in the US: Monday to Friday 9:30 AM – 10:30 AM (EST)

For Participants in the UK: Monday to Friday 2:30 PM – 3:30 PM (BST)

 

Prerequisites:

Good understanding of:

  • Websites and web browser
  • Client Server architecture
  • Web Services/APIs testing
  • Basic knowledge of HTTP/HTTPS protocol
  • Basic understanding of HTTP methods
  • Basic understanding of functional testing

 

What student’s have to say about Trainer :

Easy to understand even difficult concepts, step by step explanation with real examples – Vick

Excellent explanation from basics with clear examples. – Shan

It is very good for learning and understanding in a simple and logical way. – Nick

I appreciate your expertise on teaching the subject with so much clarity and depth. Thank you for being such a wonderful coach and guide. – Latha

To the point explanation by instructor, Realtime examples also shared. learned alot through this course. – Kamala

Thank you so much Kiran Sir for the wonder full explanation worth to watch,and you always proves that anybody can learn anything from scratch, if trained by good trainer like you. – Satish

 

What will I Learn by the end of this course?

  • By the end of this course, you will become a OWASP Security testing specialist:
  • LO1 Understand OWASP top#10 vulnerabilities for Web applications & backend APIs
  • LO2 You will get complete knowledge on REST API, SOAP API, Web applications, Android apks, & Port security testing
  • LO3 In-depth understanding of exploiting OWASP vulnerabilities on vulnerable applications & APIs
  • LO4 Learn how to generate security testing reports using Security testing tools
  • LO5 Learn how to scan source code for OSS vulnerabilities & conduct reverse engineering of source code-Android apks

 

Salient Features:

  • 25 Hours of Live Training along with recorded videos
  • Lifetime access to the recorded videos
  • Course Completion Certificate

 

Who can enroll in this course?

  • Security enthusiasts
  • Security professionals intending to upskill for compliance based penetration testing

 

Course syllabus:

CHAPTER 1: INTRODUCTION TO OWASP VULNERABILITIES [HANDS-ON-EXERCISE]

  • What is a Threat, Target, CVSS, CVE, Vulnerability Assessment Testing, Penetration Testing, Security testing
  • OWASP Vulnerabilities explained
  • Sensitive information disclosure
  • Using vulnerable & outdated components
  • Incorrectly configured & missing response headers
  • Insecure design
  • Open network ports detection
  • Server-side missing validations
  • Broken access control
  • SQL injection
  • Cross-site scripting css/xss injection
  • Html injection
  • Idor attacks
  • Jwt tokens abuse
  • Security misconfiguration
  • Brute force attacks/ddos attacks
  • Unrestricted access to sensitive business flows
  • Broken object-level authorization
  • Broken user authentication
  • Broken object  property level

 

CHAPTER 2: DOWNLOAD & SETUP OF VULNERABLE APPLICATIONS [HANDS-ON-EXERCISE]

  • OWASP Juice Shop
  • OWASP Web Goat
  • Altoro mutual bank application
  • Parabank soft application
  • Acunetix Test PHP application
  • Blazedemo Application

 

CHAPTER 3: PORT SCANNING USING NMAP/ZENMAP TOOL [HANDS-ON-EXERCISE]

 

  • What is Nmap [Network Mapper] tool
  • What are network ports used for
  • Download & Installation of Nmap tool for CLI execution & Zenmap tool for UI execution
  • Executing commands to discover open, filtered & closed ports and to detect OS and services version details
  • Learn how to do different scans i.e., basic/aggressive/quick scan plus/ping scan/OS/multiple hosts/intense scan

 

CHAPTER 4: INTRODUCTION & INSTALLATION OF BURP SUITE-SECURITY TESTING DAST TOOL [HANDS-ON-EXERCISE]

 

  • What is Burp Suite tool
  • Installation of Burp Suite Community Edition
  • Walk-through of Burp Suite features
  • Understanding Burp Suite tool capabilities

 

CHAPTER 5: CONDUCTING PENETRATION TESTING USING BURP SUITE TOOL [HANDS-ON-EXERCISE]

 

  • Learn how to setup Burp Suite environment
  • Explore the Burp features : Proxy, Target, Intruder, Repeater, Decoder
  • Download & Install Burp HTTPS certificate
  • Using Burp in-built chromium browser to capture HTTP requests & intercept the same
  • Capturing the http requests by configuring Burp Proxy, Burp Interceptor & Burp Repeater
  • Learn how to intercept http requests and tamper responses to check server behavior
  • How to forward, drop intercepted requests
  • Sending the requests to Burp Intruder for brute force attacks using various payloads
  • Hacking credentials using Burp Intruder
  • Sending the requests to Burp Repeater to test repeatedly with various request tamperings
  • Point-to-point attacks using Burp Repeater
  • Learn how to encode or decode the request parameters using Burp Suite Decoder
  • Visiting BApp store to install top rated plugins to aid in security testing [HACK BAR-PAYLOAD BUCKET, CONTENT TYPE CONVERTER, HTTP METHODS DISCLOSURE, JSON WEB TOKEN ATTACKER]

 

CHAPTER 6: VULNERABILITY ASSESSMENT TESTING (VAPT) OF REST APIs, SOAP APIs & WEB APPLICATIONS USING VOOKI TOOL [HANDS-ON-EXERCISE]

 

  • Introduction & Installation of Vooki tool
  • Walk-through of Vooki tool UI features
  • Testing APIs for OWASP top #10 techniques
  • Learn how to scan an entire website [Basic Scan, Crawler]
  • Learn how to use SSL scanner, understand Cryptography, Domain & Host scanner
  • Detect & understand the vulnerabilities identified during the web application scan
  • Generate HTML test report for security vulnerabilities found at web application scan
  • Conducting full vulnerability testing scan on REST APIs that uses GET, POST, PUT, PATCH, DELETE methods
  • Conducting full vulnerability testing scan on SOAP APIs
  • Generate HTML test report for security vulnerabilities identified at API security scan
  • Detect & understand the vulnerabilities identified during the APIs scan process

 

CHAPTER 7: ANDROID APPS SECURITY TESTING USING YAZHINI,  DEX2JAR & JD-GUI-DAST TOOLS [HANDS-ON-EXERCISE]

 

  • Introduction and Installation of Yazhini tool
  • Installation of Dex2Jar, Java Decompiler
  • Scanning the Android apk for vulnerabilities
  • Conducting Full scan, Basic scan on apk
  • Reverse engineering to check if APK can be deobfuscated to see original written code
  • Generating the vulnerabilities test report for Android apk scan
  • Vulnerability assessment scan of android .apk files and iOS .ipa files

 

CHAPTER 8: FINDING SOURCE CODE OSS VULNERABILITIES [OPEN SOURCE SOFTWARE] – SAST [HANDS-ON-EXERCISE]

  • What is Snyk tool used for
  • Sign up & Sign in to Snyk tool
  • Adding your Github repo to Snyk project list
  • Scanning the source code using Snyk scanner
  • Running Snyk from CLI mode
  • Understanding the vulnerability test report

Leave A Reply

Your email address will not be published. Required fields are marked *