Updated in May 2025.
This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course.

This course takes you through the complex world of full-stack web exploitation, focusing on real-world attack vectors used in modern web applications. You will begin with an overview of web security challenges and progress to advanced techniques such as bypassing Content Security Policy (CSP) with various methods. Each section provides practical demonstrations that showcase vulnerabilities found in popular web frameworks and libraries.

As the course progresses, you'll delve into exploiting web applications through PDFs, images, and links, including XSS attacks and token hijacking. You'll also explore AngularJS vulnerabilities, such as template injection and scope hacking, which are often exploited in Single Page Applications (SPAs). Detailed case studies and examples provide a deep understanding of how these attacks are executed and prevented in real-world applications.

Finally, the course covers full-stack attacks, including HTTP parameter pollution, subdomain takeover, and race condition exploits. Through hands-on labs, you'll get the chance to apply your knowledge and explore cutting-edge exploitation techniques. By the end of the course, you'll have developed the ability to identify, exploit, and mitigate a wide range of web application vulnerabilities.

This course is designed for web developers, security professionals, and penetration testers looking to enhance their expertise in web application security. Prior knowledge of basic web technologies, HTTP, and JavaScript is recommended. Familiarity with core concepts of web security is beneficial but not required.















