Website Hacking / Penetration Testing & Bug Bounty Hunting

User Avatar
(17 reviews)
All levels
9 hours
$195.00 $99.00

Test website security and become a Bounty Hunter

Do you want to become a bug bounty hunter? Do you want to secure your website or mobile app? How about launching a new career in the world of professional penetration testing or ethical hacking? If so, this is the course for you.

This course is designed for beginners with no previous knowledge who want to learn how to test the security of websites. The great news is that you don’t need prior programming or hacking knowledge – I assume you’re starting from scratch and by the end of the course you’ll be at a high-intermediate level, being able to hack systems like black-hat hackers and secure them like security experts.

The difference is, you’ll be doing it for the good of your company or clients. Plus, you’ll benefit from the recognition that comes with being skilled in this high-demand field.

All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.

Website Hacking / Penetration Testing & Bug Bounty Hunting course content

Learn web & cloud fundemantals and the technologies used
Discover, exploit and mitigate common web vulnerabilities
Start on the right path of becoming a bug bounty hunter
Learn advanced post exploitation techniques

Why is this course so in demand?

Lifetime access to course materials and videos
Set the pace of your own study
Learn the way that best suits you
Get answers from our Support Team within 15 hours
Verifiable zSecurity certificate of completion
Unlimited updates to course materials and videos

Plus! Free 1-month VIP membership with:

Live mentoring and Q&A session with course instructor and CTO, Zaid
Instant support from community members through our private discord channel
Daily updates with the latest tutorials and news from the hacking world
Daily resources like CTFs, bug bounty programs, onion services and more
Access our VIP community and connect with like-minded people
Discounts and offers on other zSecurity products and services

Here's how it works

This course is highly practical but it won’t neglect the theory, first you’ll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we’ll start with websites basics, the different components that make a website, the technologies used, and then we’ll dive into website hacking straight away. You’ll learn everything by example, by discovering and exploiting vulnerabilities to hack into websites, no dry boring theoretical lectures.

Before jumping into hacking, you’ll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.

You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.

What do you need to complete the Website Hacking / Penetration Testing & Bug Bounty Hunting course?

Basic Information Technology knowledge
No Linux, programming or hacking knowledge
Computer with a minimum of 4GB RAM/Memory
Operating System: Windows / OS X / Linux
$195.00 $99.00


17 ratings
  • Dustin Foster

    Great easy to follow along with Zaid. Very informative but not so much that you get overwhelmed. I feel many teachers will throw so much at a student that they feel as if they can’t do it and quit. Zaid is excellent for beginners & for anyone just needing to refresh’s on a topic. Highly recommend worth every penny.

  • Ulises Violante

    Zaid is a great teacher, and the course is very well thought. Despite the fact I have more than 20 years working on IT, I´ve learned many things with Zaid and sometimes is really amazing how easy it could hack a website.


  • Intro 1

  • Preparation - Creating a Penetration Testing Lab 6

    • Lecture2.1
      Lab Overview 06 min
    • Lecture2.2
      Initial Preparation 09 min
    • Lecture2.3
      Installing Kali Linux as a VM on Windows 09 min
    • Lecture2.4
      Installing Kali Linux as a VM on Apple Mac OS 10 min
    • Lecture2.5
      Installing Kali Linux as a VM on Linux 11 min
    • Lecture2.6
      Installing Metasploitable As a Virtual Machine 04 min
  • Preparation - Linux Basics 3

    • Lecture3.1
      Basic Overview Of Kali Linux 05 min
    • Lecture3.2
      The Linux Terminal & Basic Linux Commands 13 min
    • Lecture3.3
      Configuring Metasploitable 04 min
  • Website Basics 2

    • Lecture4.1
      What Is a Website? 04 min
    • Lecture4.2
      How To Hack a Website? 05 min
  • Information Gathering 9

    • Lecture5.1
      Gathering Information Using Whois Lookup 05 min
    • Lecture5.2
      Discovering Technologies Used On The Website 06 min
    • Lecture5.3
      Gathering Comprehensive DNS Information 10 min
    • Lecture5.4
      Discovering Websites On The Same Server 04 min
    • Lecture5.5
      Discovering Subdomains 04 min
    • Lecture5.6
      Discovering Sensitive Files 07 min
    • Lecture5.7
      Analyzing Discovered Files 04 min
    • Lecture5.8
      Maltego – Discovering Servers, Domains & Files 08 min
    • Lecture5.9
      Maltego – Discovering Websites, Hosting Provider & Emails 05 min
  • File Upload Vulnerabilities 6

  • Code Execution Vulnerabilities 3

    • Lecture7.1
      How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites 07 min
    • Lecture7.2
      Exploiting Advanced Code Execution Vulnerabilities 06 min
    • Lecture7.3
      [Security] – Fixing Code Execution Vulnerabilities 06 min
  • Local File Inclusion Vulnerabilities (LFI) 3

  • Remote File Inclusion Vulnerabilities (RFI) 4

    • Lecture9.1
      Remote File Inclusion Vulnerabilities – Configuring PHP Settings 04 min
    • Lecture9.2
      Remote File Inclusion Vulnerabilities – Discovery & Exploitation 06 min
    • Lecture9.3
      Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites 03 min
    • Lecture9.4
      [Security] Fixing File Inclusion Vulnerabilities 06 min
  • SQL Injection Vulnerabilities 2

    • Lecture10.1
      What is SQL 06 min
    • Lecture10.2
      Dangers of SQL Injections 03 min
  • SQL Injection Vulnerabilities - SQLi In Login Pages 4

    • Lecture11.1
      Discovering SQL Injections In POST 08 min
    • Lecture11.2
      Bypassing Logins Using SQL Injection Vulnerability 05 min
    • Lecture11.3
      Bypassing More Secure Logins Using SQL Injections 06 min
    • Lecture11.4
      [Security] Preventing SQL Injections In Login Pages 08 min
  • SQL injection Vulnerabilities - Extracting Data From The Database 4

    • Lecture12.1
      Discovering SQL Injections in GET 07 min
    • Lecture12.2
      Reading Database Information 05 min
    • Lecture12.3
      Finding Database Tables 03 min
    • Lecture12.4
      Extracting Sensitive Data Such As Passwords 04 min
  • SQL injection Vulnerabilities - Advanced Exploitation 11

    • Lecture13.1
      Discovering & Exploiting Blind SQL Injections 06 min
    • Lecture13.2
      Discovering Complex SQL Injection Vulnerabilities 07 min
    • Lecture13.3
      Exploiting an advanced SQL Injection Vulnerability to Extract Passwords 05 min
    • Lecture13.4
      Bypassing Filters 05 min
    • Lecture13.5
      Bypassing Security & Accessing All Records 08 min
    • Lecture13.6
      [Security] Quick Fix To Prevent SQL Injections 07 min
    • Lecture13.7
      Reading & Writing Files On The Server Using SQL Injection 06 min
    • Lecture13.8
      Getting A Shell & Controlling The Target Server Using an SQL Injection 08 min
    • Lecture13.9
      Discovering SQL Injections & Extracting Data Using SQLmap 07 min
    • Lecture13.10
      Getting a Direct SQL Shell using SQLmap 03 min
    • Lecture13.11
      [Security] – The Right Way To Prevent SQL Injection Vulnerabilities 05 min
  • XSS Vulnerabilities 6

    • Lecture14.1
      Introduction – What is XSS or Cross Site Scripting? 03 min
    • Lecture14.2
      Discovering Basic Reflected XSS 04 min
    • Lecture14.3
      Discovering Advanced Reflected XSS 04 min
    • Lecture14.4
      Discovering An Even More Advanced Reflected XSS 07 min
    • Lecture14.5
      Discovering Stored XSS 03 min
    • Lecture14.6
      Discovering Advanced Stored XSS 03 min
  • XSS Vulnerabilities - Exploitation 12

    • Lecture15.1
      Hooking Victims To BeEF Using Reflected XSS 06 min
    • Lecture15.2
      Hooking Victims To BeEF Using Stored XSS 04 min
    • Lecture15.3
      Interacting With Hooked Victims 04 min
    • Lecture15.4
      Running Basic Commands On Victims 04 min
    • Lecture15.5
      Stealing Credentials/Passwords Using A Fake Login Prompt 02 min
    • Lecture15.6
      Bonus – Installing Veil Framework 04 min
    • Lecture15.7
      Bonus – Veil Overview & Payloads Basics 07 min
    • Lecture15.8
      Bonus – Generating An Undetectable Backdoor Using Veil 3 10 min
    • Lecture15.9
      Bonus – Listening For Incoming Connections 07 min
    • Lecture15.10
      Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 07 min
    • Lecture15.11
      BeEF – Gaining Full Control Over Windows Target 04 min
    • Lecture15.12
      [Security] Fixing XSS Vulnerabilities 07 min
  • Insecure Session Management 5

    • Lecture16.1
      Logging In As Admin Without a Password By Manipulating Cookies 06 min
    • Lecture16.2
      Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 07 min
    • Lecture16.3
      Exploiting CSRF To Change Admin Password Using a HTML File 07 min
    • Lecture16.4
      Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 06 min
    • Lecture16.5
      [Security] The Right Way To Prevent CSRF Vulnerabilities 09 min
  • Brute Force & Dictionary Attacks 3

    • Lecture17.1
      Introduction to Brute Force & Dictionary Attacks? 04 min
    • Lecture17.2
      Creating a Wordlist 06 min
    • Lecture17.3
      Guessing Login Password Using a Wordlist Attack With Hydra 13 min
  • Discovering Vulnerabilities Automatically Using Owasp ZAP 2

    • Lecture18.1
      Scanning Target Website For Vulnerabilities 04 min
    • Lecture18.2
      Analysing Scan Results 04 min
  • Post Exploitation 11

    • Lecture19.1
      Post Exploitation Introduction 04 min
    • Lecture19.2
      Executing System Commands On Hacked Web Servers 07 min
    • Lecture19.3
      Escalating Reverse Shell Access To Weevely Shell 08 min
    • Lecture19.4
      Weevely Basics – Accessing Other Websites, Running Shell Commands …etc 06 min
    • Lecture19.5
      Bypassing Limited Privileges & Executing Shell Commands 05 min
    • Lecture19.6
      Downloading Files From Target Webserver 05 min
    • Lecture19.7
      Uploading Files To Target Webserver 08 min
    • Lecture19.8
      Getting a Reverse Connection From Weevely 08 min
    • Lecture19.9
      Accessing The Database 09 min
    • Lecture19.10
      Conclusion 05 min
    • Lecture19.11
      Writing a Pentest Report 14 min
  • Bonus Section 1

    • Lecture20.1
      Bonus Lecture – What’s Next?

Your instructor

Zaid Sabih

Ethical Hacker, Pentester & Computer Scientist

Zaid Al-Quraishi is an ethical hacker, computer scientist, and founder of zSecurity. He studied Computer Science at University College Dublin, graduating May 2016.Zaid has a strong background and experience in ethical hacking, starting with video tutorials in 2009 in an ethical hacking community, He also worked as a penetration tester (pentester) for this company.In 2013 he started teaching his first course online in Arabic which received extremely positive feedback. This motivated him to create an English version of the course. The English course became the most popular and top paid course on Udemy for almost a year, which further motivated Zaid to design and teach more courses on ethical hacking.He now offers a number of courses on ethical hacking and more than 200,000 students on Udemy and other teaching platforms such as StackSocial, StackSkills and zSecurity.Zaid says: "I just love hacking and breaking the rules but don't get me wrong, I am an ethical hacker!"