Test website security and become a Bounty Hunter
Do you want to become a bug bounty hunter? Do you want to secure your website or mobile app? How about launching a new career in the world of professional penetration testing or ethical hacking? If so, this is the course for you.
This course is designed for beginners with no previous knowledge who want to learn how to test the security of websites. The great news is that you don’t need prior programming or hacking knowledge – I assume you’re starting from scratch and by the end of the course you’ll be at a high-intermediate level, being able to hack systems like black-hat hackers and secure them like security experts.
The difference is, you’ll be doing it for the good of your company or clients. Plus, you’ll benefit from the recognition that comes with being skilled in this high-demand field.
All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP Top 10.
Website Hacking / Penetration Testing & Bug Bounty Hunting course content
Why is this course so in demand?
Here's how it works
This course is highly practical, but it won’t neglect the theory. First you’ll learn how to install the needed software (on Windows, Linux and Mac OS X). Then we’ll start with website basics: the different components that make up a website and the technologies used. After that we’ll dive straight into website hacking. You’ll learn everything by example, by discovering and exploiting vulnerabilities to hack into websites, with no dry, boring theoretical lectures.
Before jumping into hacking, you’ll first learn how to gather comprehensive information about the target website. The course is then divided into a number of sections, each covering how to discover, exploit and mitigate a common web application vulnerability. For each vulnerability you will first learn the basic exploitation, then advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.
You will learn how and why these vulnerabilities are exploitable, how to fix them, and the right practices to avoid causing them.
What do you need to complete the Website Hacking / Penetration Testing & Bug Bounty Hunting course?
Great, easy to follow along with Zaid. Very informative but not so much that you get overwhelmed. I feel many teachers will throw so much at a student that they feel as if they can’t do it and quit. Zaid is excellent for beginners & for anyone just needing to refresh on a topic. Highly recommend, worth every penny.
Zaid is a great teacher, and the course is very well thought out. Despite the fact I have more than 20 years working in IT, I’ve learned many things with Zaid, and sometimes it is really amazing how easy it could be to hack a website.
Preparation - Creating a Penetration Testing Lab
Preparation - Linux Basics
- Gathering Information Using Whois Lookup
- Discovering Technologies Used On The Website
- Gathering Comprehensive DNS Information
- Discovering Websites On The Same Server
- Discovering Subdomains
- Discovering Sensitive Files
- Analyzing Discovered Files
- Maltego – Discovering Servers, Domains & Files
- Maltego – Discovering Websites, Hosting Provider & Emails
File Upload Vulnerabilities
Code Execution Vulnerabilities
Local File Inclusion Vulnerabilities (LFI)
Remote File Inclusion Vulnerabilities (RFI)
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities - SQLi In Login Pages
SQL Injection Vulnerabilities - Extracting Data From The Database
SQL Injection Vulnerabilities - Advanced Exploitation
- Discovering & Exploiting Blind SQL Injections
- Discovering Complex SQL Injection Vulnerabilities
- Exploiting an advanced SQL Injection Vulnerability to Extract Passwords
- Bypassing Filters
- Bypassing Security & Accessing All Records
- [Security] Quick Fix To Prevent SQL Injections
- Reading & Writing Files On The Server Using SQL Injection
- Getting A Shell & Controlling The Target Server Using an SQL Injection
- Discovering SQL Injections & Extracting Data Using SQLmap
- Getting a Direct SQL Shell using SQLmap
- [Security] – The Right Way To Prevent SQL Injection Vulnerabilities
XSS Vulnerabilities - Exploitation
- Hooking Victims To BeEF Using Reflected XSS
- Hooking Victims To BeEF Using Stored XSS
- Interacting With Hooked Victims
- Running Basic Commands On Victims
- Stealing Credentials/Passwords Using A Fake Login Prompt
- Bonus – Installing Veil Framework
- Bonus – Veil Overview & Payloads Basics
- Bonus – Generating An Undetectable Backdoor Using Veil 3
- Bonus – Listening For Incoming Connections
- Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
- BeEF – Gaining Full Control Over Windows Target
- [Security] Fixing XSS Vulnerabilities
Insecure Session Management
- Logging In As Admin Without a Password By Manipulating Cookies
- Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
- Exploiting CSRF To Change Admin Password Using an HTML File
- Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
- [Security] The Right Way To Prevent CSRF Vulnerabilities
Brute Force & Dictionary Attacks
Discovering Vulnerabilities Automatically Using OWASP ZAP
- Post Exploitation Introduction
- Executing System Commands On Hacked Web Servers
- Escalating Reverse Shell Access To Weevely Shell
- Weevely Basics – Accessing Other Websites, Running Shell Commands …etc
- Bypassing Limited Privileges & Executing Shell Commands
- Downloading Files From Target Webserver
- Uploading Files To Target Webserver
- Getting a Reverse Connection From Weevely
- Accessing The Database