Learn Bug Bounty Hunting & Web Security Testing From Scratch Course

(2 reviews)
10.5 hours

Do you want to become a bug bounty hunter?
A web application security tester / pentester?
How about securing your website or application?
→ If so, this is the course for you.

This course assumes you have NO prior knowledge. It starts with you from scratch and takes you step by step to an advanced level, where you will be able to discover a large number of bugs or vulnerabilities (including the OWASP top 10) in any web application, regardless of the technologies used in it or the cloud servers that it runs on.

Learn bug hunting
Learn the OWASP top 10
95+ videos
80+ hands-on real-life examples

Why is this course so in demand?

Lifetime access to course materials and videos
Set the pace of your own study
Learn the way that best suits you
Get answers from our Support Team within 15 hours
Verifiable zSecurity certificate of completion
Unlimited updates to course materials and videos

Plus! Free 1 Month zSecurity Trial VIP membership with:

Live mentoring and Q&A session with course instructor and CTO, Zaid
Instant support from community members through our private discord channel
Daily updates with the latest tutorials and news from the hacking world
Daily resources like CTFs, bug bounty programs, onion services and more
Access our VIP community and connect with like-minded people
Discounts and offers on other zSecurity products and services

Here's how it works

This course is highly practical but doesn’t neglect the theory. We’ll start with the basics to teach you how websites work, the technologies used, and how these technologies work together to produce the nice, functional platforms that we use every day. Then we’ll start hacking and bug hunting straight away. You’ll learn everything by example, by discovering security bugs and vulnerabilities, with no boring dry lectures.

The course is divided into a number of sections, each of which aims to teach you a common security bug or vulnerability from the OWASP top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the security bug or vulnerability and how to discover it in a number of scenarios, from simple to advanced. You’ll also learn advanced techniques to bypass filters and security measures. As we do this, I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals; there will be no useless or boring lectures!

At the end of the course I will take you through a two-hour pentest or bug hunt to show you how to combine the knowledge that you acquired and employ it in a real-life scenario to discover bugs and vulnerabilities in a real website! I will show you how I approach a target, analyse it, and take it apart to discover bugs and vulnerabilities in features that most would think are secure!

As mentioned, you’ll learn much more than just how to discover security bugs in this course, but here’s a list of the main security bugs and vulnerabilities that will be covered:

  • Information Disclosure.
  • IDOR (Insecure Direct Object Reference).
  • Broken Access Control.
    • Directory / Path Traversal.
    • Cookie Manipulation.
    • CSRF (Client-Side Request Forgery).
    • OAuth 2.0.
  • Injection Vulnerabilities.
    • Command Injection.
    • Blind Command Injection.
    • HTML Injection.
    • XSS (Cross-Site Scripting).
    • Reflected, Stored & DOM Based XSS.
    • Bypassing Security Filters.
    • Bypassing CSP (Content Security Policy).
    • SQL Injection.
    • Blind SQLi.
    • Time-based Blind SQLi.
  • SSRF (Server-Side Request Forgery).
  • Blind SSRF.
  • XXE (XML External Entity) Injection.



  • Information gathering.
  • Endpoint discovery.
  • HTTP Headers.
  • HTTP status codes.
  • HTTP methods.
  • Input parameters.
  • Cookies.
  • HTML basics for bug hunting.
  • JavaScript basics for bug hunting.
  • XML basics for bug hunting.
  • Filtering methods.
  • Bypassing blacklists & whitelists.
  • Bug hunting and research.
  • Hidden paths discovery.
  • Code analysis.


You’ll use the following tools to achieve the above:

  • Feroxbuster.
  • WSL.
  • Dev tools.
  • Burp Suite:
    • Basics.
    • Burp Proxy.
    • Intruder (Simple & Cluster-bomb).
    • Repeater.
    • Collaborator.


With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.

Check out the curriculum and the course teaser for more info!

What do you need to complete this course?

Basic Information Technology knowledge
No prior knowledge required in bug hunting, hacking or programming.
Computer with a minimum of 4GB RAM/Memory
Operating System: Windows / Apple Mac OS / Linux


Your instructor

Zaid Sabih

Ethical Hacker, Pentester & Computer Scientist

Zaid Al-Quraishi is an ethical hacker, computer scientist, and founder of zSecurity. He studied CS at UCD, graduating in May 2016. Zaid has a strong background and experience in ethical hacking, starting with tutorials in 2009 in an ethical hacking community, iSecur1ty. He also worked as a penetration tester (pentester) for this company. In 2013 he started teaching his first course online in Arabic, which received extremely positive feedback. This motivated him to create an English version of the course. The English course became the most popular and top paid course on Udemy for almost a year, which further motivated Zaid to design and teach more courses on ethical hacking. He now offers a number of courses on ethical hacking and has more than 800,000 students on Udemy and other teaching platforms such as StackSocial, StackSkills and zSecurity. Zaid says: "I just love hacking and breaking the rules but don't get me wrong, I am an ethical hacker!"


2 ratings
  • Course Content is Excellent.

    After completing 3 other courses from Z Security I knew the content of this course would be excellent. Zaid teaches in a very easy to understand manner for all levels and ability.
  • cX0hT3

    Always 5 stars for Zaid's courses!

    I saw the ad on YouTube that Zaid is releasing a new course and was super excited about it! And once the course was released I bought it without even reading its contents because I know all Zaid's courses are excellent and you learn a lot from it! I have almost all his courses and I gained a lot of experience. As of this course, I only progressed 10% and can't explain how amazing the course is! Thanks a lot Zaid! You are an exceptional teacher.