Premise

In this certificate review, I reviewed one of the newest Coursera Project Network courses on the platform.

Web Application Security Testing with Burp Suite is a hands-on and laboratory-style course where you learn how to use Burp Suite to perform web application security testing.

By the end of this project, you will learn the fundamentals of how to use Burp Suite Community Edition. This tool helps security professionals and penetration testers assess web application vulnerabilities. This course includes steps on how to configure the proxy between the browser and web application to intercept, view, alter, and forward HTTP requests and responses, and then analyze the results of your modifications. This course will also explain how to use a dictionary list to brute force logins, and how to exploit file upload and SQL injection vulnerabilities.

Course Link: https://www.coursera.org/projects/web-application-security-testing-burp-suite

Skills Learned

  • Set up Burp Suite proxy
  • Intercept, modify and forward HTTP requests
  • Brute force login page with a dictionary list and exploit file upload and SQL injection vulnerabilities

How the Course is Structured

When I first enrolled, I saw that the course is broken down into two main parts: a lab and a quiz.

  • The Lab: This part is ungraded, but I highly recommend you don’t skip it! It’s where all the learning happens. Going through the lab is a great way to refresh your knowledge and get some real, practical experience.
  • The Quiz: This is the only part of the course that’s actually graded. You’ll need to pass the quiz to get your certificate.

My Experience in the Lab

The lab environment is really cool. It’s set up with two main interfaces.

  • On the right side of the screen, I could watch videos of the instructor walking through all the lab exercises.
  • On the left side, I had my own virtual desktop with all the tools I needed to follow along and do the exercises myself. It was a great way to learn by doing.

For the exercises, the instructor used the Damn Vulnerable Web Application (DVWA), which is a fantastic playground for practicing web security skills.

What I Learned in the Lab

The lab videos covered a ton of great topics. Here are some of the highlights:

  • Intro to Burp Suite: I got a solid understanding of what Burp Suite is and how to use its basic features.
  • Setting Up a Proxy: I learned how to set up Burp Suite as a proxy with Firefox, which is essential for intercepting web traffic.
  • Intercepting and Manipulating Requests: This was the fun part! I got to practice capturing web requests and changing them on the fly.
  • Sniffing Credentials: I learned some cool techniques for capturing sensitive information like usernames and passwords.
  • Dictionary Attacks: I got to perform a dictionary attack against a login form, which is a common way to guess passwords.
  • File Upload and SQL Injection: I also learned how to spot and exploit vulnerabilities related to file uploads and SQL injection.

Finishing the Course and Getting My Certificate

After I finished all the labs, I took the final quiz. It wasn’t too difficult since the labs had prepared me well. Once I passed, I got my certificate, which I was pretty proud of! It’s a great way to show that I have some practical skills in application security testing.

Who Is This Course For?

I would strongly recommend this course to anyone who’s a beginner in application security testing, especially if you’re new to Burp Suite. It’s the perfect way to get your feet wet and build some real-world experience in cybersecurity. If you’re looking to learn about the tools of the trade, this course is a fantastic place to start. 👍

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.
