Security Testing Masterclass: Web, API and Mobile Application Security - Live Training
(Web, API & Mobile Security with Burp Suite, Vooki, Nmap, Zenmap, OWASP Juice Shop, WebGoat, Yazhini, Dex2Jar, JD-GUI, Snyk & More)
This course is designed to provide in-depth, practical training in Web Application Security, API Security, and Mobile App Vulnerability Testing. Covering OWASP Top 10 vulnerabilities, you’ll explore a range of attacks including SQL Injection, XSS, Broken Access Control, IDOR, JWT abuse, and more.
You’ll work with industry-standard tools such as Burp Suite, Nmap, Zenmap, Vooki, Yazhini, Dex2Jar, and Snyk, using live vulnerable applications like OWASP Juice Shop, WebGoat, and Altoro Mutual.
This course is built around hands-on labs and exercises to help you develop real-world penetration testing skills across web, API, and mobile platforms. Whether you’re starting a career in cybersecurity or upgrading your testing skills, this course provides the practical knowledge and tools to secure modern applications.
About the Instructor:
Kiran is an ITIL qualified Full Stack SDET specialist, Corporate Trainer and Consultant with over 19 years of experience in leading & delivering corporate training with tangible direction to IT professionals by imparting white-box knowledge in Software Testing, Security Testing, Test Automation, Test Practices & Competencies, Corporate Trainings & TCoE Delivery.
We cannot be good at something unless we like it and have fun doing it. The approach I take in my training sessions is to get the participants excited about technology and make it entertaining. I would like to consider myself an “Entertrainer”.
- Successfully trained 6000+ employees across 500+ corporate giants & is still counting
- Has been a trainer for both in-house as well as public, corporate programs and has streamlined the development of training material and training process for QA related areas, across corporate clientele and contributing to bottom line customer satisfaction
Sample Videos:
“Security Testing Masterclass: Web, API and Mobile Application Security” - Demo Video
“Security Testing Masterclass: Web, API and Mobile Application Security” - Day 1 Video
Live Sessions Price:
For LIVE sessions – Offer price after discount is 149 USD 139 99 USD Or USD15000 INR 13000 INR 7,900 Rupees.
OR
Demo Session:
15th July @ 8 PM – 9 PM (IST) (Indian Timings)
15th July @ 10:30 AM – 11:30 PM (EST) (U.S Timings)
15th July @ 3:30 PM – 4:30 PM (BST) (UK Timings)
Class Schedule:
For Participants in India: Monday to Friday 8 PM – 9 PM (IST)
For Participants in the US: Monday to Friday 10:30 AM – 11:30 PM (EST)
For Participants in the UK: Monday to Friday 3:30 PM – 4:30 PM (BST)
Prerequisites:
Good understanding of:
- Websites and web browser
- Client Server architecture
- Web Services/APIs testing
- Basic knowledge of HTTP/HTTPS protocol
- Basic understanding of HTTP methods
- Basic understanding of functional testing
What students have to say about the trainer:
👩Thank you, sir. I used to have a fear of security testing and had zero knowledge about it, but after completing this course, I feel much more confident and informed. – Shilpaborkar
👨Thank you Kiran for the comprehensive sessions even from the very basics! Enjoyed the sessions thoroughly!!! – zishan rabbani
👨Kiran's training on security testing was very useful, he explained each topic very well and provided valid examples during training. – Ramana Reddy Gaddam
👨Thanks Kiran for a wonderful and detailed session. It was very informative and your explanation was awesome.. we are confident after attending the session.. 👌👌🙏🙏🙏 – Ramana Reddy
👨Easy to understand even difficult concepts, step by step explanation with real examples – Vick
👨Excellent explanation from basics with clear examples. – Shan
👨It is very good for learning and understanding in a simple and logical way. – Nick
👩I appreciate your expertise on teaching the subject with so much clarity and depth. Thank you for being such a wonderful coach and guide. – Latha
👩To the point explanation by instructor, real-time examples also shared. Learned a lot through this course. – Kamala
👨Thank you so much Kiran Sir for the wonderful explanation, worth watching, and you always prove that anybody can learn anything from scratch, if trained by a good trainer like you. – Satish
What will I Learn by the end of this course?
- Understand core security concepts including threats, vulnerabilities, CVEs, CVSS, and security testing types (VAPT, Penetration Testing, Security Testing).
- Gain in-depth knowledge of OWASP Top 10 vulnerabilities with real-time hands-on demonstrations (e.g., SQL Injection, XSS, Broken Access Control, IDOR, JWT Abuse, etc.).
- Learn how to detect and exploit vulnerabilities in web applications and APIs using industry-standard tools like Burp Suite, Vooki, and Nmap/Zenmap.
- Install and test popular vulnerable applications such as OWASP Juice Shop, WebGoat, Altoro Mutual, and more for practical learning.
- Perform port scanning, OS detection, and service discovery using Nmap and Zenmap.
- Conduct API Security Testing on REST & SOAP APIs with hands-on exercises using Vooki Tool.
- Learn Android App Security Testing using tools like Yazhini, Dex2Jar, and JD-GUI, including reverse engineering of APKs.
- Identify Open Source Software (OSS) vulnerabilities through SAST using tools like Snyk, and integrate GitHub repositories for scanning source code.
- Generate professional vulnerability assessment reports for web, API, and mobile application scans.
- Build the practical skills needed to start a career in Cybersecurity, VAPT, or Application Security Testing.
Salient Features:
- 28 Hours of Live Training along with recorded videos
- Lifetime access to the recorded videos
- Course Completion Certificate
Who can enroll in this course?
- Students and fresh graduates interested in building a career in cybersecurity or ethical hacking.
- Manual and automation testers looking to upgrade their skills with security testing and VAPT knowledge.
- QA engineers and test leads who want to understand real-time vulnerabilities in web, mobile, and API testing.
- Developers who want to learn how to secure their code and applications by understanding OWASP vulnerabilities.
- Security enthusiasts, bug bounty hunters, and ethical hackers seeking practical, hands-on experience.
- IT professionals transitioning into application security or cybersecurity roles.
Course syllabus:
✅CHAPTER 1: INTRODUCTION TO OWASP VULNERABILITIES [HANDS-ON-EXERCISE]
- What is a Threat, Target, CVSS, CVE, Vulnerability Assessment Testing, Penetration Testing, Security testing
- OWASP Vulnerabilities explained
- Sensitive information disclosure
- Using vulnerable & outdated components
- Incorrectly configured & missing response headers
- Insecure design
- Open network ports detection
- Server-side missing validations
- Broken access control
- SQL injection
- Cross-site scripting (CSS/XSS) injection
- HTML injection
- IDOR attacks
- JWT token abuse
- Security misconfiguration
- Brute force attacks/DDoS attacks
- Unrestricted access to sensitive business flows
- Broken object-level authorization
- Broken user authentication
- Broken object property level authorization
_______________________________________________________________________________
✅CHAPTER 2: DOWNLOAD & SETUP OF VULNERABLE APPLICATIONS [HANDS-ON-EXERCISE]
- OWASP Juice Shop
- OWASP WebGoat
- Altoro Mutual bank application
- Parabank soft application
- Acunetix Test PHP application
- Blazedemo Application
_______________________________________________________________________________
✅CHAPTER 3: PORT SCANNING USING NMAP/ZENMAP TOOL [HANDS-ON-EXERCISE]
- What is Nmap [Network Mapper] tool
- What are network ports used for
- Download & Installation of Nmap tool for CLI execution & Zenmap tool for UI execution
- Executing commands to discover open, filtered & closed ports and to detect OS and services version details
- Learn how to run different scans, i.e., basic, aggressive, quick scan plus, ping scan, OS detection, multiple hosts and intense scan
_______________________________________________________________________________
✅CHAPTER 4: INTRODUCTION & INSTALLATION OF BURP SUITE - SECURITY TESTING DAST TOOL [HANDS-ON-EXERCISE]
- What is Burp Suite tool
- Installation of Burp Suite Community Edition
- Walk-through of Burp Suite features
- Understanding Burp Suite tool capabilities
_______________________________________________________________________________
✅CHAPTER 5: CONDUCTING PENETRATION TESTING USING BURP SUITE TOOL [HANDS-ON-EXERCISE]
- Learn how to set up the Burp Suite environment
- Explore the Burp features: Proxy, Target, Intruder, Repeater, Decoder
- Download & install the Burp HTTPS certificate
- Using Burp's built-in Chromium browser to capture and intercept HTTP requests
- Capturing HTTP requests by configuring Burp Proxy, Burp Interceptor & Burp Repeater
- Learn how to intercept HTTP requests and tamper with responses to check server behavior
- How to forward or drop intercepted requests
- Sending the requests to Burp Intruder for brute force attacks using various payloads
- Hacking credentials using Burp Intruder
- Sending the requests to Burp Repeater to test repeatedly with various request tamperings
- Point-to-point attacks using Burp Repeater
- Learn how to encode or decode the request parameters using Burp Suite Decoder
- Visiting BApp store to install top rated plugins to aid in security testing [HACK BAR-PAYLOAD BUCKET, CONTENT TYPE CONVERTER, HTTP METHODS DISCLOSURE, JSON WEB TOKEN ATTACKER]
_______________________________________________________________________________
✅CHAPTER 6: VULNERABILITY ASSESSMENT TESTING (VAPT) OF REST APIs, SOAP APIs & WEB APPLICATIONS USING VOOKI TOOL [HANDS-ON-EXERCISE]
- Introduction & Installation of Vooki tool
- Walk-through of Vooki tool UI features
- Testing APIs for OWASP Top 10 techniques
- Learn how to scan an entire website [Basic Scan, Crawler]
- Learn how to use SSL scanner, understand Cryptography, Domain & Host scanner
- Detect & understand the vulnerabilities identified during the web application scan
- Generate HTML test report for security vulnerabilities found at web application scan
- Conducting full vulnerability testing scan on REST APIs that uses GET, POST, PUT, PATCH, DELETE methods
- Conducting full vulnerability testing scan on SOAP APIs
- Generate HTML test report for security vulnerabilities identified at API security scan
- Detect & understand the vulnerabilities identified during the APIs scan process
_______________________________________________________________________________
✅CHAPTER 7: ANDROID APPS SECURITY TESTING USING YAZHINI, DEX2JAR & JD-GUI - DAST TOOLS [HANDS-ON-EXERCISE]
- Introduction and Installation of Yazhini tool
- Installation of Dex2Jar, Java Decompiler
- Scanning the Android APK for vulnerabilities
- Conducting full scan and basic scan on the APK
- Reverse engineering to check if the APK can be deobfuscated to see the original written code
- Generating the vulnerabilities test report for the Android APK scan
- Vulnerability assessment scan of Android .apk files and iOS .ipa files
_______________________________________________________________________________
✅CHAPTER 8: FINDING SOURCE CODE OSS VULNERABILITIES [OPEN SOURCE SOFTWARE] – SAST [HANDS-ON-EXERCISE]
- What is Snyk tool used for
- Sign up & Sign in to Snyk tool
- Adding your GitHub repo to the Snyk project list
- Scanning the source code using Snyk scanner
- Running Snyk from CLI mode
- Understanding the vulnerability test report