
Practical Lab – Web Security Lab Track: Beginner to Master Level

Level 1: Beginner – Web Security Foundations

Tools: 

  • DVWA
  • Kali Linux
  • Browser DevTools
  • Local Apache + MySQL

Labs: 

  1. Set up DVWA on Kali Linux using Apache2
  2. Explore the DVWA interface and change security levels
  3. Test Reflected XSS on DVWA
  4. Input Validation vs Output Encoding
  5. HTML/JS Injection Demo
  6. Use View Page Source & Inspect Element
  7. Test Login Bypass with SQLi: admin' --
  8. HTTP Request/Response Basics with curl

Outcome: Learners understand web app structure, basic attacks, and browser behavior. 

__________

Level 2: Intermediate – Exploitation & Mitigation

Tools: 

  • OWASP Juice Shop
  • Burp Suite Community Edition
  • OWASP ZAP

Labs: 

  1. Install OWASP Juice Shop
  2. Use Burp Suite to intercept and modify requests
  3. Persistent XSS Attack Demo
  4. Command Injection on DVWA
  5. CSRF Attack Simulation (Juice Shop)
  6. IDOR (Insecure Direct Object Reference: access other users' data)
  7. Broken Access Control (Change roles via hidden fields)
  8. Security Headers Testing with SecurityHeaders.com
  9. Practice with ZAP Spider and Active Scan

Outcome: Learners can simulate real attacks and understand their root causes and impact. 

__________

Level 3: Advanced – API & Modern Web Threats

Tools: 

  • Postman
  • JWT.io
  • Mock APIs or custom REST API server
  • OWASP API Top 10

Labs: 

  1. JWT Tampering via Decoding and Editing
  2. API Enumeration & Broken Object Level Auth
  3. Mass Assignment via API Payloads
  4. Rate Limiting Bypass Demo
  5. API Key Exposure via headers & logs
  6. Cross-Origin Resource Sharing (CORS) Exploitation
  7. Using OWASP ZAP to test APIs
  8. Command injection via hidden API routes

Outcome: Learners can identify and exploit weaknesses in modern RESTful APIs using professional tools. 

__________

Level 4: Expert – Real-World Simulations & Defense

Tools: 

  • SIEM (e.g., Wazuh or Splunk)
  • ModSecurity or nginx WAF
  • Security Header implementation
  • Custom vulnerable app or CTF-style scenarios

Labs: 

  1. Configure WAF with ModSecurity and test blocking XSS/SQLi
  2. Implement CSP and X-Frame-Options, then test bypasses
  3. Simulate JWT Session Hijacking and Defend
  4. CSRF token implementation and validation
  5. Analyze Logs & Audit Trails using Wazuh
  6. Deface + Detect + Recover Lab (Blue Team practice)
  7. Privilege Escalation and Defense in Web Apps
  8. Create Custom Security Policies using Helmet (Node.js)

Outcome: Learners simulate real-world threats, configure mitigations, and build secure-by-design apps.
