A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. There are a lot of common web application vulnerabilities as a result of insecure code development practices or using vulnerable software, some examples are: SQL Injection, Cross Site Scripting (XSS), Command Execution, File Injection, Cross Site Request Forgery (CSRF), etc.

Kali Linux is a Linux distribution that is specialized for cybersecurity. It is an open-source product that involves a lot of customization for penetration testing, which helps companies to understand their vulnerabilities. It is maintained and funded by Offensive Security.

A web application firewall (WAF) protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks to apps are the leading cause of breaches—they are the gateway to your valuable data.

In this course, you will learn about web application ethical hacking techniques including using some Kali Linux tools:

• Introduction to web penetration testing and ethical hacking

• Designing and building a lab environment for pen testing

• Understanding website vulnerabilities and general attacks

• Understanding how to protect your website against attacks

• Secure coding and web application firewalls