Here are some concluding remarks on the course.

We'll cover the following

That’s all!

It’s been a rather long journey together. We encountered great challenges (Chrome and Wireshark together!) and overcame them. After all, learning requires hard work, persistence, and practice. Our goal was to learn how to make web applications more secure, and the ways to do so often boggle the minds of many. Even established developers can sometimes struggle.

Fortunately for security professionals, this just means that pentesters are in high demand in the software industry. And this demand is going to keep on increasing as time goes by. Technology keeps on evolving, and bad actors continuously adapt to all these new advancements. So your journey as a pentester novice is not at an end—it has only just begun!


In this course, we:

  • Got acquainted with the basics of the Linux operating system
  • Went through a crash course on Python and Bash basics
  • Reviewed networking basics and how to analyze relevant data
  • Learned how to find good resources and conduct research
  • Practiced XSS, CSRF, and SQL injections
  • Discovered how adversaries use social engineering to take down targets
  • Learned about security in the grand scheme of things

What’s next?

Defining the next step of your pentesting career is entirely up to you, but we’d still like to offer up some advice:

  • There are many Linux distros out there. Each has its own little peculiarities. This means that vulnerabilities may also vary. It’s never a bad idea to look more deeply into these distros and Linux in general, even as a web application-only pentester.

  • Further practice Python and Bash programming. Also, look into Ruby.

  • Knowledge of advanced networking is the gateway to more complex attacks and their fixes.

  • Take part in Capture the Flag (CTF) and practice with more vulnerable web applications, like Acunetix’s library and Damn Vulnerable Web Application (DVWA). There are lots more out there, but these are good places to start.

  • We’ve tried XSS, CSRF, and SQL injections separately. Have you considered whether they could all be done at the same time in a single attack?

  • Just pentesting web applications will only take us so far. Host-based pentesting should be the next step. Metasploitable2, a host that runs various vulnerable web applications, is a nice starting point.

All that said, it never hurts do your research and decide your own path. Good luck!

Get hands-on with 1200+ tech skills courses.