Web Security & Bug Bounty Learn Penetration Testing in 2023

10h 28m 11s
English
Paid

Embark on a rewarding journey towards becoming a Bug Bounty Hunter with no prior experience required. Dive into the world of hacking websites, fixing vulnerabilities, and enhancing web security. Our comprehensive course covers everything from penetration testing basics to mastering the latest tools and best practices for 2023!

Course Highlights

  • Comprehensive Learning Path: Master penetration testing from the ground up to excel as a bug bounty hunter and web security expert.
  • Setting Up Your Hacking Lab: Learn how to configure Kali Linux and virtual machines compatible with Windows, Mac, and Linux systems.
  • Practical Hacking Skills: Gain hands-on experience by hacking and attacking systems with known vulnerabilities.
  • Burp Suite Mastery: Understand and effectively use the Burp Suite tool for bug hunting.
  • Key Attack Techniques: Command Injection/Execution, Bruteforce Attacks, Security Misconfiguration.
  • Exploiting Vulnerabilities: Dive into SQL Injection, Logging & Monitoring Best Practices.
  • Networking and Discovery: Enhance networking skills and perform Website Enumeration & Information Gathering.
  • Exploiting Common Web Vulnerabilities: HTML Injections, Broken Authentication, Access Control Issues, Cross-Site Scripting (XSS).
  • Advanced Injection Attacks: Explore XML, XPath Injection, XXE.
  • Foundational Knowledge: Learn Web Fundamentals and Linux Terminal Fundamentals.
  • Secure Future Applications: Learn to discover, exploit, and mitigate all types of web vulnerabilities using industry best practices.
  • Monetizing Your Skills: Discover how to turn bug bounty hunting into a profitable career.

About the Author: Zero To Mastery

Zero To Mastery (ZTM) is a Toronto-based online coding academy founded by Andrei Neagoie, originally a senior developer at large Canadian tech firms before turning to teaching full-time. The academy's signature is the cohort-based bootcamp track combined with a deep self-paced course library, all aimed at career-changers and self-taught developers preparing to land software-engineering roles at top companies.

The instructor roster has grown well beyond Andrei to include other senior practitioners: Daniel Bourke (machine learning), Aleksa Tešić (DevOps), Jacinto Wong, and others. Courses cover the full software-engineering career path: web development with React and Next.js, Python, machine learning and deep learning, DevOps and cloud, system design, mobile, and the algorithm / data-structure interview prep that gates engineering jobs.

The CourseFlix listing under this source carries over 120 ZTM courses spanning that full range. Material is paid; ZTM itself runs on a monthly / annual membership model. The teaching style favours long-form, project-based courses where students build complete portfolio-quality applications rather than disconnected feature tutorials.

All Course Lessons (87)
# | Lesson Title | Duration | Access
1 | Course Outline | 06:10 | Demo
2 | Join Our Online Classroom! | 04:02 |
3 | What is Penetration Testing ? | 05:44 |
4 | What is Bug Bounty ? | 06:36 |
5 | ZTM Resources | 04:24 |
6 | Virtual Box, Kali Linux Download | 11:10 |
7 | Important - New Kali Linux Categories | 01:27 |
8 | Kali Linux Installation | 12:15 |
9 | OWASPBWA Installation | 08:36 |
10 | Creating TryHackMe Account | 02:48 |
11 | 2 Paths | 02:06 |
12 | Website Enumeration - Theory | 05:01 |
13 | Google Dorks | 11:29 |
14 | Ping, Host, Nslookup ... | 07:22 |
15 | Whatweb | 08:53 |
16 | Dirb | 06:21 |
17 | Nmap | 11:29 |
18 | Nikto | 06:33 |
19 | Burpsuite Configuration | 07:48 |
20 | Burpsuite Intercept | 07:28 |
21 | Burpsuite Repeater | 07:49 |
22 | Burpsuite Intruder | 09:21 |
23 | HTML Injection - Theory | 03:25 |
24 | HTML Injection 1 on TryHackMe | 09:02 |
25 | HTML Injection 2 - Injecting User-Agent Header | 03:50 |
26 | Injecting Cookie Field and Redirecting The Page | 05:24 |
27 | Advance Example of HTML Injection | 13:19 |
28 | Command Injection Theory | 04:15 |
29 | Command Injection On TryHackMe and Blind Command Injection | 09:56 |
30 | Solving Challenges With Command Injection | 09:31 |
31 | Running PHP Reverse Shell With Command Execution Vulnerability | 07:27 |
32 | Bypassing Input Filter And Executing Command | 07:26 |
33 | Broken Authentication Theory | 04:24 |
34 | Broken Authentication On TryHackMe | 06:01 |
35 | Broken Authentication Via Cookie | 04:31 |
36 | Basic Authorization in HTTP Request | 06:35 |
37 | Forgot Password Challenge | 08:22 |
38 | Session Fixation Challenge | 05:10 |
39 | Cluster Bomb Bruteforce | 06:39 |
40 | Hydra Bwapp Form Bruteforce | 12:21 |
41 | Hydra Post Request Form Bruteforce | 05:25 |
42 | Extra - Hydra SSH Attack | 04:16 |
43 | Sensitive Data Exposure Example | 10:12 |
44 | Broken Access Control - Theory | 06:28 |
45 | Accessing passwd With BAC | 04:25 |
46 | Ticket Price IDOR | 06:34 |
47 | Security Misconfiguration - Default App Credentials | 04:42 |
48 | Exercise: Imposter Syndrome | 02:57 |
49 | XSS Theory | 06:13 |
50 | Changing Page Content With XSS | 10:54 |
51 | Bypassing Simple Filter | 03:49 |
52 | Downloading a File With XSS Vulnerability | 09:06 |
53 | DOM XSS Password Generator | 05:36 |
54 | JSON XSS | 08:10 |
55 | Old Vulnerable Real Applications | 04:12 |
56 | SQL Injection Theory | 04:01 |
57 | Guide To Exploiting SQL Injection | 08:01 |
58 | Getting Entire Database | 05:26 |
59 | Extracting Passwords From Database | 19:44 |
60 | Bypassing Filter In SQL Query | 06:07 |
61 | Blind SQL Injection | 11:39 |
62 | XPath Injection | 06:24 |
63 | XPath Injection 2 | 03:58 |
64 | XXE | 07:23 |
65 | Components With Known Vulnerabilities Example | 10:07 |
66 | Insufficient Logging And Monitoring Example | 04:02 |
67 | Whats Next & How To Earn Money By Finding Vulnerabilities ? | 11:36 |
68 | Browsing the Web | 06:01 |
69 | Breaking Google | 03:01 |
70 | The Internet Backbone | 05:30 |
71 | Traceroute | 02:25 |
72 | HTML, CSS, Javascript | 05:05 |
73 | Build Your First Website | 07:49 |
74 | HTML Tags | 08:40 |
75 | Your First CSS | 13:43 |
76 | What Is Javascript? | 05:34 |
77 | Your First Javascript | 11:42 |
78 | Javascript On Our Webpage | 09:06 |
79 | HTTP/HTTPS | 19:59 |
80 | Introduction To Databases | 10:55 |
81 | SQL: Create Table | 05:16 |
82 | SQL: Insert Into + Select | 04:34 |
83 | What is PHP? | 05:17 |
84 | Linux 1 - ls, cd, pwd, touch... | 13:47 |
85 | Linux 2 - sudo, nano, clear ... | 07:01 |
86 | Linux 3 - ifconfig, nslookup, host ... | 07:35 |
87 | Thank You | 01:14 |

Frequently asked questions

What prerequisites are needed for this course?
No prior experience in penetration testing or web security is required to enroll in this course. It is designed to take you from beginner to advanced levels, starting with foundational knowledge such as Web Fundamentals and Linux Terminal Fundamentals. Basic computer literacy and familiarity with using a computer are recommended to ensure you can follow the course effectively.
What projects or skills will I develop by the end of the course?
By the end of the course, you will have hands-on experience with penetration testing techniques, including exploiting vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and Command Injection. You will also master tools such as Burp Suite for bug hunting and learn to configure a hacking lab using Kali Linux. These skills will prepare you for real-world bug bounty hunting and web security roles.
Who is the target audience for this course?
This course is ideal for individuals looking to start a career in web security or bug bounty hunting. It caters to beginners who want to gain practical hacking skills and those interested in enhancing their knowledge of securing web applications. Professionals in IT and cybersecurity fields seeking to update their penetration testing skills for 2023 will also benefit from this course.
How does this course compare to other penetration testing courses?
The course offers a comprehensive path from basic to advanced penetration testing, focusing on the latest tools and techniques for 2023. It covers a wide range of topics from setting up a hacking lab to advanced injection attacks like XML and XPath Injection. Unlike some courses that may focus on theory, this course emphasizes practical, hands-on experience with real-world applications and challenges.
What tools and platforms will I learn to use in this course?
You will learn to configure and use Kali Linux and virtual machines compatible with Windows, Mac, and Linux systems as your hacking lab environment. The course covers tools like Burp Suite for bug hunting and other penetration testing tools such as Nmap, Nikto, and Hydra for network and web vulnerability assessments.
What topics are not covered in this course?
While the course provides an extensive overview of web security and penetration testing, it does not cover mobile application security or advanced topics in network penetration testing. The focus is primarily on web vulnerabilities, and those seeking specialized knowledge in other areas may need to pursue additional courses.
What is the expected time commitment for completing the course?
The course comprises 87 lessons, each designed to provide a comprehensive understanding of web security and penetration testing. The time commitment will vary based on individual learning pace, but students should expect to dedicate several hours per week over the course duration to complete assignments, hands-on labs, and review materials effectively.