Learn Bug Bounty Hunting & Web Security Testing From Scratch

Learn how to discover bugs / vulnerabilities like experts | OWASP top 10 + more | No prior knowledge required

4.59 (1737 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 14,307
Content: 11 hours
Last update: Mar 2024
Regular price: $94.99

What you will learn

95+ videos to teach you bug hunting & security testing from scratch.

80+ hands-on real-life examples - from simple to advanced.

Discover the most common web application bugs and vulnerabilities.

Discover bugs from the OWASP top 10 most common security threats.

Bypass filters & security on all of the covered bugs & vulnerabilities.

2 Hour LIVE bug hunt / pentest on a real web application at the end of the course.

My approach to bug hunting and web application penetration testing.

The bug hunter / hacker mentality.

Efficiently use Burp Suite to discover bugs and vulnerabilities.

Discover sensitive & hidden information, paths, files, endpoints and subdomains

Gather information about websites & applications

Essential topics to bounty hunting.

HTTP methods & status codes.

Cookies & cookie manipulation

HTML basics for bug hunting.

XML basics for bug hunting.

Javascript basics for bug hunting.

Read & analyse headers, requests and responses

Discover information disclosure vulnerabilities.

Discover broken access control vulnerabilities.

Discover path / directory traversal vulnerabilities.

Discover CSRF vulnerabilities.

Discover IDOR vulnerabilities

Discover OAUTH 2.0 vulnerabilities

Discover Injection vulnerabilities.

Discover Command Injection vulnerabilities

Discover HTML Injection vulnerabilities

Discover XSS vulnerabilities (Reflected, Stored & DOM).

Advanced XSS discovery & bypass techniques

Discover SQL Injection vulnerabilities.

Discover Blind SQL Injection vulnerabilities.

Discover Time-based blind SQL Injection vulnerabilities.

Discover SSRF vulnerabilities.

Discover blind SSRF vulnerabilities.

Discover XXE vulnerabilities.

The Burp Suite Proxy.

The Burp Suite Repeater.

The Burp Suite Filter

The Burp Suite Intruder.

The Burp Suite Collaborator.

Why take this course?

Welcome to my comprehensive course on Bug Bounty Hunting & Web Security Testing. This course assumes you have NO prior knowledge; it starts with you from scratch and takes you step-by-step to an advanced level, able to discover a large number of bugs or vulnerabilities (including the OWASP top 10) in any web application regardless of the technologies used in it or the cloud servers that it runs on.


This course is highly practical but doesn't neglect the theory, we'll start with basics to teach you how websites work, the technologies used and how these technologies work together to produce these nice and functional platforms that we use everyday. Then we'll start hacking and bug hunting straight away. You'll learn everything by example, by discovering security bugs and vulnerabilities, no boring dry lectures.


The course is divided into a number of sections, each aims to teach you a common security bug or vulnerability from the OWASP top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the security bug or vulnerability and how to discover it in a number of scenarios, from simple to advanced. You'll also learn advanced techniques to bypass filters and security measures. As we do this I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals, there will be no useless or boring lectures!


At the end of the course I will take you through a two hour pentest or bug hunt to show you how to combine the knowledge that you acquired and employ it in a real-life scenario to discover bugs and vulnerabilities in a real website! I will show you how I approach a target, analyse it, and take it apart to discover bugs and vulnerabilities in features that most would think are secure!


As mentioned you'll learn much more than just how to discover security bugs in this course, but here's a list of the main security bugs and vulnerabilities that will be covered in the course:


  • Information Disclosure.

  • IDOR (Insecure Direct Object Reference).

  • Broken Access Control.

    • Directory / Path Traversal.

    • Cookie Manipulation.

    • CSRF (Cross-Site Request Forgery).

    • OAUTH 2.0.

  • Injection Vulnerabilities.

    • Command Injection.

    • Blind Command Injection.

    • HTML Injection.

    • XSS (Cross-Site Scripting).

    • Reflected, Stored & DOM Based XSS.

    • Bypassing Security Filters.

    • Bypassing CSP (Content Security Policy).

    • SQL Injection.

    • Blind SQLi.

    • Time-based Blind SQLi.

  • SSRF (Server-Side Request Forgery).

  • Blind SSRF.

  • XXE (XML External Entity) Injection.


Topics:

  • Information gathering.

  • End point discovery.

  • HTTP Headers.

  • HTTP status codes.

  • HTTP methods.

  • Input parameters.

  • Cookies.

  • HTML basics for bug hunting.

  • Javascript basics for bug hunting.

  • XML basics for bug hunting.

  • Filtering methods.

  • Bypassing blacklists & whitelists.

  • Bug hunting and research.

  • Hidden paths discovery.

  • Code analyses.


You'll use the following tools to achieve the above:

  • Feroxbuster.

  • WSL.

  • Dev tools.

  • Burp Suite:

    • Basics.

    • Burp Proxy.

    • Intruder (Simple & Cluster-bomb).

    • Repeater.

    • Collaborator.


With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.


Check out the curriculum and the course teaser for more info!


Reviews

Bharath
July 28, 2023
This was excellent learning. Took me to the next level for sure. I was stuck at a few areas and it has uncovered the path for me.
Joon
July 28, 2023
Dear Zaid and Team, I hope this message finds you well. I'm writing to extend my deepest gratitude for your outstanding web app hacking and bug bounty course. It was incredibly valuable and served as an excellent introduction to this complex field. Your team's knack for breaking down complicated techniques into understandable content is commendable. It clearly shows your expertise and dedication to educating beginners like myself.
Bohumir
July 23, 2023
Author simply knows what he is talking about. Explanation is clear, complicated topics are explained at first on the pictures and then followed by practical examples. I also highly recommend other courses from this author.
NadineCyizere
June 28, 2023
This course has given me a clear understanding of how I can start bug bounty, and I would like to share that I had already started bug bounty on HackerOne prior to finishing this course. Thanks to Zaid Sabih for the valuable insights.
Savita
June 14, 2023
Awesome course. Zaid explained all the concepts very well. And whatever doubts occurred in between were very well cleared by the amazing TAs Diego and Hussein
Luke
June 12, 2023
I have deliberately chosen this particular Bug Bounty course because Zaid is doing it, and he is always excellent at delivering well-designed teaching. This course is proving to be no exception so far :)
Suvashish
June 2, 2023
I always choose Zaid courses as my preferred learning resource because they are consistently updated and provide real-world practical knowledge. Zaid's teaching style is exceptional as he thoroughly explains concepts, demonstrating his expertise in the subject matter. I greatly appreciate his dedication to delivering high-quality courses. Thank you sincerely for your exceptional work, Zaid! ❤
Parmjeet
May 27, 2023
Amazing Course. Learned about the strategy to follow for bug bounty. Thanks for these amazing contents
Arif
May 22, 2023
Mr Zaid teaches me step by step, and this course is compatible with anyone who wants to start learning about bug bounty
Tomer
May 20, 2023
My 3rd course with Zsecurity. This is a great course if you want to get familiar with the top of the OWASP vulns, but I recommend his website hacking course if you also want to learn how to exploit them
Mark
May 18, 2023
Learning so much about the hacker mentality! Also a great way to learn how to use Burp Suite correctly.
Promise
May 10, 2023
The Tutor is a master in his course. He makes it easier for a first time man to understand how these work. I just learnt lots about JS and HTML. Thank you
Marzio
April 27, 2023
The course is well made! It lists and gives an idea of the major security vulnerabilities of websites and how to exploit them. It is only an introductory course, however, but great for getting started!
Cole
April 7, 2023
This course taught me everything I need and gave me lots of good resources to start Bug Hunting! Highly recommended for anyone who's interested in learning about that. One thing though, in the last few lectures during the live bug hunt, some of the things Zaid shows require the Pro version of Burp Suite.
Stephanie
April 6, 2023
Yes, I have been unsure of how I can make money with my interest in hacking and this seems like a good fit.

Udemy ID: 4746194
Course created date: 6/22/2022
Course indexed date: 10/26/2022
Course submitted by: Bot