HackTheCore // Application Security

Domain overview

This domain focuses on how web applications behave under stress, misuse and hostile input. It links attack surface discovery, manual testing and tool-assisted validation into a defensible application-security workflow.

Related certification context

These paths map closely to application-security work covered on this page.

OffSec OSWA / WEB-200Foundational web assessment workflow and practical attack coverage.
OffSec OSWE / WEB-300White-box web exploitation, source-guided review and custom exploit logic.

Curated public references

OWASP WSTG · Latestowasp.org/www-project-web-security-testing-guide/latest/
PortSwigger · portswigger.net/web-security
OWASP Cheat Sheet Seriescheatsheetseries.owasp.org/
OWASP ASVSowasp.org/www-project-application-security-verification-standard/
OWASP API Securityowasp.org/www-project-api-security/
PortSwigger · Documentationportswigger.net/burp/documentation
GitHub · EnableSecurity / wafw00fgithub.com/EnableSecurity/wafw00f

Brief index

brief

Introduction

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

3 focus points0 links

brief

OWASP Top 10 And Web Application Pentesting Theory

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

6 focus points4 links

brief

Web Application Pentesting Practice

Manual web testing workflows, exploit validation, quick references and tool-assisted verification.

10 focus points7 links

brief

Browser Exploitation Framework (Beef)

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

1 focus point0 links

brief

Burp Suite Professional

A practical interception and testing platform for manual web assessment, replay and exploit verification.

10 focus points6 links

brief

Web Application Firewall Bypass

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

10 focus points32 links

brief

Web Vulnerability Assessment (Burp Enterprise)

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

2 focus points1 link

brief

Web Vulnerability Assessment With Acunetix

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

2 focus points1 link

brief

Web Vulnerability Assessment With Netsparker

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

2 focus points1 link

brief

Web Vulnerability Assessment With Intruder.Io

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

2 focus points1 link

brief

Web Vulnerability Assessment With Rapid7 Appspider

Endpoint abuse, authorization failures and protocol-level weaknesses in API-driven systems.

1 focus point0 links

brief

Quick Reference

Application-layer testing patterns for behaviour, trust boundaries and exploit validation.

10 focus points0 links

brief

Ewpt - Web Pentesting Certification

Public certification references relevant to the surrounding discipline.

2 focus points1 link