Web Application Penetration Testing: Information Gathering

What This Course Covers

The course walks through passive information gathering (WHOIS, DNS enumeration, search engine operators, metadata extraction) and active reconnaissance (port scanning, service identification, web server fingerprinting, technology stack detection). You’ll learn how to build a comprehensive target profile without triggering alerts, using both manual techniques and automated tools. Malek demonstrates real-world scenarios where reconnaissance quality determines test success, including identifying hidden directories, API endpoints, and legacy systems still in production.

Practical labs cover setting up reconnaissance workflows, interpreting scan results, and documenting findings in formats security teams actually use. You’ll work through common mistakes—over-aggressive scanning that alerts WAF systems, missing subdomains that become attack vectors, and failing to correlate data across multiple sources. The hands-on approach means you’re building muscle memory for the methodical approach that separates thorough testers from script-runners.

Who Is This Course For?

Ideal for:

• Security professionals starting penetration testing: If you’re transitioning into offensive security or completing your first certifications (CEH, OSCP prep), this reconnaissance foundation is non-negotiable. You’ll learn the systematic approach before attempting exploitation.
• Developers and DevSecOps engineers: Understanding how attackers map your applications helps you design better security controls and identify what’s exposed in your own infrastructure. This is the attacker’s first step.
• Security operations and incident response teams: Knowing reconnaissance techniques helps you detect early-stage attacks and understand what adversaries learn about your environment before they strike.

May not suit:

• Complete beginners without networking fundamentals: You’ll need working knowledge of TCP/IP, DNS, HTTP, and basic command-line tools. This course assumes you can interpret network concepts.
• Those seeking exploitation or post-compromise techniques: This is strictly reconnaissance. If you want to learn how to exploit findings or maintain access, you’ll need advanced courses after this foundation.

Frequently Asked Questions

How long does Web Application Penetration Testing: Information Gathering take?

1 hour 1 minute of video content. Plan for 2–3 hours total if you’re working through the hands-on labs and practising techniques in the sandboxes.

Do I need penetration testing experience to take this course?

No, but you should understand networking basics (TCP/IP, DNS, HTTP). If those concepts are unfamiliar, start with a networking fundamentals course first.

Will this prepare me for CEH or OSCP certification exams?

It covers essential reconnaissance topics tested in both certifications, but you’ll need additional courses covering exploitation, reporting, and exam-specific domains. Use this as your reconnaissance foundation.

What tools does Malek Mohammad use in the labs?

The course uses industry-standard open-source and commercial tools (nmap, Burp Suite, OWASP ZAP, whois, dig, and others). You’ll learn tool-agnostic techniques that transfer across different toolsets.