[SOLVED] Web application security testing

I want to learn web application security testing and the OWASP Top 10 vulnerabilities. Can anybody provide something which helps me to learn easily?

I found a few on Udemy but they don't have complete info, I think.

Please help me.

3 Likes

Ethical Hacking 101: Web App Penetration Testing - a full course for beginners

Another nice channel to have a look at!

https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q/videos

Some Udemy courses I would recommend you have a look at for knowledge purposes; all are free, don't worry!

https://www.udemy.com/course/web-application-hacking-burp-proxy-part-1/

https://www.udemy.com/course/burp-suite/

https://www.udemy.com/course/new-web-security-2020/

Extras

https://www.softwaretestinghelp.com/how-to-test-application-security-web-and-desktop-application-security-testing-techniques/

Tools Listing

  • Abbey Scan
    • Owner: MisterScanner
    • License: Free
    • Platforms: SaaS
  • Acunetix WVS
    • Owner: Acunetix
    • License: Commercial / Free (Limited Capability)
    • Platforms: Windows
  • Application Security on Cloud
    • Owner: IBM
    • License: Commercial
    • Platforms: SaaS
  • AppScan
    • Owner: IBM
    • License:
    • Platforms: Windows
  • App Scanner
    • Owner: Trustwave
    • License: Commercial
    • Platforms: Windows
  • AppSpider
    • Owner: Rapid7
    • License: Commercial
    • Platforms: Windows
  • AppTrana Website Security Scan
    • Owner: AppTrana
    • License: Free
    • Platforms: SaaS
  • Arachni
    • Owner: Arachni
    • License: Free for most use cases
    • Platforms: Most platforms supported
  • AVDS
    • Owner: Beyond Security
    • License: Commercial / Free (Limited Capability)
    • Platforms: SaaS
  • BlueClosure BC Detect
    • Owner: BlueClosure
    • License: Commercial, 2 weeks trial
    • Platforms: Most platforms supported
  • BREACHLOCK Dynamic Application Security Testing
    • Owner: BREACHLOCK
    • License: Commercial
    • Platforms: SaaS
  • Burp Suite
    • Owner: PortSwigger
    • License: Commercial / Free (Limited Capability)
    • Platforms: Most platforms supported
  • Contrast
    • Owner: Contrast Security
    • License: Commercial / Free (Full featured for 1 App)
    • Platforms: SaaS or On-Premises
  • Detectify
    • Owner: Detectify
    • License: Commercial
    • Platforms: SaaS
  • Digifort- Inspect
    • Owner: Digifort
    • License: Commercial
    • Platforms: SaaS
  • edgescan
    • Owner: edgescan
    • License: Commercial
    • Platforms: SaaS
  • GamaScan
    • Owner: GamaSec
    • License: Commercial
    • Platforms: Windows
  • Grabber
    • Owner: Romain Gaucher
    • License: Open Source
    • Platforms: Python 2.4, BeautifulSoup and PyXML
  • Gravityscan
    • Owner: Defiant, Inc.
    • License: Commercial / Free (Limited Capability)
    • Platforms: SaaS
  • Grendel-Scan
    • Owner: David Byrne
    • License: Open Source
    • Platforms: Windows, Linux and Macintosh
  • GoLismero
    • Owner: GoLismero Team
    • License: GPLv2.0
    • Platforms: Windows, Linux and Macintosh
  • IKare
    • Owner: ITrust
    • License: Commercial
    • Platforms: N/A
  • ImmuniWeb
    • Owner: High-Tech Bridge
    • License: Commercial / Free (Limited Capability)
    • Platforms: SaaS
  • InsightVM
    • Owner: Rapid7
    • License: Commercial with Free Trial
    • Platforms: SaaS
  • Intruder
    • Owner: Intruder Ltd.
    • License:
    • Platforms:
  • Indusface Web Application Scanning
    • Owner: Indusface
    • License: Commercial / Free Trial
    • Platforms: SaaS
  • N-Stealth
    • Owner: N-Stalker
    • License: Commercial
    • Platforms: Windows
  • Nessus
    • Owner: Tenable
    • License: Commercial
    • Platforms: Windows
  • Netsparker
    • Owner: Mavituna Security
    • License: Commercial
    • Platforms: Windows
  • Nexpose
    • Owner: Rapid7
    • License: Commercial / Free (Limited Capability)
    • Platforms: Windows/Linux
  • Nikto
    • Owner: CIRT
    • License: Open Source
    • Platforms: Unix/Linux
  • Probely
    • Owner: Probely
    • License: Commercial / Free (Limited Capability)
    • Platforms: SaaS
  • Proxy.app
    • Owner: Websecurify
    • License: Commercial
    • Platforms: Macintosh
  • QualysGuard
    • Owner: Qualys
    • License: Commercial
    • Platforms: N/A
  • Retina
    • Owner: BeyondTrust
    • License: Commercial
    • Platforms: Windows
  • Ride (REST JSON Payload fuzzer)
    • Owner: Adobe, Inc.
    • License: Apache 2 / Free
    • Platforms: Linux / Mac / Windows
  • Securus
    • Owner: Orvant, Inc
    • License: Commercial
    • Platforms: N/A
  • Sentinel
    • Owner: WhiteHat Security
    • License: Commercial
    • Platforms: N/A
  • SOATest
    • Owner: Parasoft
    • License: Commercial
    • Platforms: Windows / Linux / Solaris
  • Tinfoil Security
    • Owner: Tinfoil Security, Inc.
    • License: Commercial / Free (Limited Capability)
    • Platforms: SaaS or On-Premises
  • Trustkeeper Scanner
    • Owner: Trustwave SpiderLabs
    • License: Commercial
    • Platforms: SaaS
  • Vega
    • Owner: Subgraph
    • License: Open Source
    • Platforms: Windows, Linux and Macintosh
  • Vex
    • Owner: UBsecure
    • License: Commercial
    • Platforms: Windows
  • Wapiti
    • Owner: Informática Gesfor
    • License: Open Source
    • Platforms: Windows, Unix/Linux and Macintosh
  • Web Security Scanner
    • Owner: DefenseCode
    • License: Commercial
    • Platforms: On-Premises
  • WebApp360
    • Owner: TripWire
    • License: Commercial
    • Platforms: Windows
  • WebCookies
    • Owner: WebCookies
    • License: Free
    • Platforms: SaaS
  • WebInspect
    • Owner: Micro Focus
    • License: Commercial
    • Platforms: Windows
  • WebReaver
    • Owner: Websecurify
    • License: Commercial
    • Platforms: Macintosh
  • WebScanService
    • Owner: German Web Security
    • License: Commercial
    • Platforms: N/A
  • Websecurify Suite
    • Owner: Websecurify
    • License: Commercial / Free (Limited Capability)
    • Platforms: Windows, Linux, Macintosh
  • Wikto
    • Owner: Sensepost
    • License: Open Source
    • Platforms: Windows
  • w3af
    • Owner: w3af.org
    • License: GPLv2.0
    • Platforms: Linux and Mac
  • Zed Attack Proxy
    • Owner: OWASP
    • License: Open Source
    • Platforms: Windows, Unix/Linux and Macintosh

5 Likes

Thank you very much!

2 Likes