Save for later

Website Hacking / Penetration Testing & Bug Bounty Hunting

Note: The contents of this course are not covered in any of my other courses except for some basics. Although website hacking is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more.

Welcome to my this comprehensive course on Website penetration testing. In this course you'll learn website / web applications hacking & Bug Bounty hunting.  This course assumes you have NO prior knowledge in hacking, and by the end of it you'll be at a high level, being able to hack & discover bugs in websites like black-hat hackers and secure them like security experts.

This course is highly practical but it won't neglect the theory, first you'll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we'll start with websites basics, the different components that make a website, the technologies used, and then we'll dive into website hacking straight away. From here onwards you'll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we'll never have any dry boring theoretical lectures.

Before jumping into hacking, you'll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.

All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.

You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.

Here's a more detailed breakdown of the course content:

1. Information Gathering - In this section you'll learn how to gather information about a target website, you'll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

2. Discovery, Exploitation & Mitigation - In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyse the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course:

  • File upload -  This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.

  • Code Execution - This vulnerability allow users to execute system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.

  • Local File Inclusion - This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to exploit this vulnerability to get a reverse shell connection which gives you full control over the target web server.

  • Remote File Inclusion - This vulnerability can be used to load remote files, exploiting this vulnerability properly gives you full control over the target web server.

  • SQL Injection -  This is one of the most dangerous vulnerabilities, it is everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read/write files and even get a reverse shell access which gives you full control over the target server.

  • Cross Site Scripting (XSS) - This vulnerability can be used to inject javascript code in vulnerable pages, we won't stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer.

  • Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.

  • Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, the difference between them and how to launch them, in successful cases you will be able to guess the password for a target user.

3. Post Exploitation - In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions.  

With this course you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.


  • This course is created for educational purposes only and all the attacks are launched in my own lab or against systems that I have permission to test.

  • This course is totally a product of Zaid Sabih & zSecurity, no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that

Get Details and Enroll Now

OpenCourser is an affiliate partner of Udemy and may earn a commission when you buy through our links.

Get a Reminder

Send to:
Rating 4.5 based on 1,009 ratings
Length 10.5 total hours
Starts On Demand (Start anytime)
Cost $19
From Udemy
Instructors Zaid Sabih, z Security
Download Videos Only via the Udemy mobile app
Language English
Subjects IT & Networking
Tags IT & Software Network & Security

Get a Reminder

Send to:

Similar Courses

What people are saying

easy to follow

Very easy to follow along with.

Great detailed courese with clear and easy to follow explanations Zaid, you did an excellent work in this course.

This course is well-organized and easy to follow.

It's well explained and easy to follow, i liked it :D great!

Easy to follow The time worth it.

Thanks Zaid Perfect course, right pace, both basics and going into more advanced examples I would recommend to add 1-2 exercices/practice with answers in Q&A for instance at the end of the main parts, Easy to understand, easy to follow.

Awesome course, this will give you all required informationen if u will start as an Ethical Hacker, if you know some basics from web programing it is easy to follow and understand.

The topics are very well explained, easy to follow, and even though I knew some of these areas, I've learned many new tricks so far.

It was easy to follow, excellent clarity in delivery and above all very precise to the point.

The course was easy to follow and the instuctor easy to understand (despite my bad hearing).

:) Good course, well explained and easy to follow (at least for a programmer).

Very informative and easy to follow!

Love the course, its easy to follow and your tought a lot, however i do wish that Zaid would go deeper with the individual things instead og just scraping over the top of them To an extent am enjoying the class Good knowledge on web applications Makes alot of sense, he knows what he is talking about and its easy to understand.

I find this course easy to follow, informative and fun.

Read more

penetration testing

It is an amazing website hacking & penetration testing course.

Everything you need, to start your web penetration testing career, starts here.

(I wanted to buy the ethal hacking from scratch.. :( ) This has been the best course for me.Being a beginner to this course i learned so much about hacking and penetration testing Hats off to zaid for designing such an amazing course!!!

Really thorough and accessible course Well delivered course BUT i need more method for how to hack a website (XML maybe, etc) As a one who studies penetration testing for a couple of years I actually managed to learn many new techniques.

I was an absolute novice when it came to anything related to penetration testing and cybersecurity.

very informative and interesting topic esp for penetration testing This is my 3rd course from Zaid.

Basic concepts are been cleared by this but its not for an expert level it was pretty good for me Nice content and good practice of penetration testing This is excellent so far, just what I was looking for.

Took us through all the phases of website penetration testing.

yes This is one of the best course for penetration testing.

I would like to recommend all, those who are interested in hacking & penetration testing and gain a full knowledge from this field.

I would suggest this class to anyone who wants to learn penetration testing or learn a new skill or learn more about a skill they already have.

Very easy to understand and the course will give good amount of knowledge about Website Penetration testing.

Great Instructor and very useful information's, I like and very recommended to anybody interesting in web application penetration testing.

Great opportunity for everyone who is new to the penetration testing to acquire valuable knowledge.

Read more

so far so good

its an interesting and informative course so far so good.

So far so good!

Very Good so far very good enjoying the course Good so far so good.

So far so good, the instructor explains it well, but I am building a list of things to learn along the way like SQL, HTML, maybe a bit of JS It was a wonderful experience with you Mr. Zaid, hope to learn from you more.

so far so good , i am enjoying the rectures.

so far good Very good video having very good content -- LOUD and CLEAR yeah quite good for a noob like me great tutor this course gives a light about how website works and thanks to instructor because for this lessons i have learned a lot in hacking and how to build the best protective website out there So far so good.

So far so good.

amazing so far so good.

very solid piece of information so far so good really nice step by step explanation!!

Great information understood everything so far so good.

Excellent teacher So far so good.

good explanation So far it’s been good Very informative great course si, pero que tenga subtitulos en español So far so good.

So far so good SO far good.. 讲师讲课不啰嗦,句句都是干货 Amazing.... Clear and clarity in explainations clear and concise great.

no problems so far so good It's a very helpfull for me ..

Read more

step by step

great course.... but i am strongly recommend you to study basics of sql and javascript before watching this course... zaid and his team are the best on the udemy i think The course, so far, has given me step by step instructions on how to do things.

A very detailed and step by step explanation.

I think its very interesting so far Great course, everything is clear and step by step with plenty of resources.

Very good course, step by step, clear and easy explanations, just really good, I totally recommend this course to anyone interested in web application pentesting Short or busy schedule?

If you are someone trying to learn step by step how to pen-test a website, this course is for you.

Zaid literally walks you step by step through the process web pen testing from beginner to advanced.

i'm working step by step with the videos and I enjoy each step through this course.

so far been very informational and like how he guides you step by step This course has been very insightful.

Excellent step by step clear explanations with resources available to deal with any other issues if required.

Great information Excellent step by step information.

So far, very simple, clear and step by step guidance over the basics.

Zaid explains very well step by step - nice work!

Simply awesome Zaid has explained everything perfectly step by step.

only started, so soon to tell, seems like good choise for me yes Great all working As a total NOOB am finding course very informative and easy to follow :) Exactly what I was looking for :) I'm so happy to get step by step instructions for installing VMs - thank you!

Read more

ethical hacking

I try lots of ethical hacking courses previously but didn't understand anything about hacking but when I completed website ethical hacking course of Zaid I got lot's of knowledge about website ethical hacking .

I must say teaching style of Zaid is great because I was totally beginner who didn't know anything about hacking now I have good understanding about website ethical hacking.

Zaid IS my favorite ethical hacking teacher.

Very clear and informative This will good start for anyone who have no idea about what is ethical hacking and some good hands on over to lots of tool and techniques for penetration testing.

I have also done Zaid's other tutorial (Learning ethical hacking from scratch) and I can tell you, these 2 courses are just top quality.

Also, I would like to see and try more tools which are in Kali Linux Course shows in depth web pen testing methods that are not shown in the other ethical hacking courses.

I work in IT as a Desktop Supoprt Engineer and i have done the Ethical Hacking Course and Website Hacking course and my manager is now looking to start me as an apprentice in the Security Team.

It's not suprising as it uses some concepts from Zaid's main "ethical hacking course" and he had video material he wanted to split.

Also leider nur viel Anwendung ohne die Hintergründe richtig zu verstehen muito didatico e com conteudo bem explicado I took this course after completing the Instructor's other course "Learn Ethical Hacking from Scratch".

te I have a few of Zaids courses now and find that they are the best I have found so far, very easy to understand and would highly recommend them for ethical hacking It's really great course.

I am enrolled in his other Ethical Hacking course and this is a wonderful supplement for a total of no more than $25!

As a beginner in the field of ethical hacking and penetration I have given a 5 star as the teaching is easily understood.

4 - videos on youtube explain way better how to use Kali tools, so don't waste your money here the teacher sounds interesting and explains things so that beginners can follow and get better quickly without much usage of deep terms in the world of ethical hacking very knowledgeable instructor, nice from start to finish Interactive course I am enjoying the coarse so far.

So far a great add on to the over all ethical hacking course Amazing Lectures and great knowledge shared by the speaker !

Read more

web application

I will try and implement these techniques in real life web applications in an ethical way!

and amazing I'm a Lead Developer, recently tasked with the development/upkeep of a large, multi-user web application.

I was able to learn a lot about web application hacking that is required in my current role at work.

Wish there was an example attack on an online web application.

Recommend for beginner who interested to learn Web Application Hacking.

This course really helped me a lot to understand web application testing in a very easy way.

I recommend this course to web application pentesters.

The course was really helpful and gave me in-depth explanation on how locate vulnerabilities and also how secure my web applications.

It does not only give you information about how web application can be insecure but it also teaches you how to handle these types of vulnerabilities.

Gives a good understanding of some typical finding that you would experience for web application testing (generally OWASP Top 10).

This course helped me to build knowledge in web application flaws and how to crack it .

Excellent course to learn web application penetration testing.

Earlier I had theoretical understanding of web application vulnerabilities, but after this course, I gained confidence on the hands on part.

The course is best suited for the folks with intermediate knowledge in web application technologies Amazing course!

Read more

pen testing

I have gained so much knowledge about website hacking/pen testing that i didn't knew before.

Good practical experience and detailed step-by-step explanations Had zero knowledge about Web app pen testing.

This is a good generalist course and a first step to developing pen testing skills.

I found that this course is probably the most efficient way to start into domain of website security & pen testing.

It has helped me to refocus on the pen testing process after life got in the way of the momentum I had built in past studies.

This course is really good, it explains everything you need to know to make a pen testing on most websites.

I have just purchased web app pen testing training, It is perfect.

I have decent knowledge of how to internet 'works' and web dev in general but not much idea about pen testing and security.

The course is really good and helpful for the beginners trying pen testing.

The tiredness got on top of me and i would gladly take a second part of this course if one is available.. Good starting point for Pen testing.

Read more

highly recommended

Highly recommended!

Highly recommended.


I really enjoyed the course and it is highly recommended for anyone pursing a career in pentesting and mostly i enjoyed weevely for generating backdoors and all the functions are really cool.

Solid course has provided me with a great understanding of web pentesting and websites in general I highly recommended this course.

Highly recommended Excellent course.

Excellent Course Great course with valuable learning stuff, highly recommended especially for people who are looking to be IT professional or working in web development industry.

Highly recommended BIG thanks Teacher!

So i highly recommended to any one who is interested in hacking to take this course good The instructor is perfectly good.

Read more

real world

I would have loved some more real world examples, specifically relating to how to hunt for things such as XSS attacks, but I understand that could be in a later course.

Great course with real world examples.

It would be nice if there are some real world cases/exercises included.

Most things were according to the real world scenarios.

I can very confidently apply those techniques I learned in real world scenarios.

He really knows his stuff and he teaches you what you need to know to get going with real world penetration testing.

But should include more real world case scenarios as it is a hands on course .

So cannot get real world experience.

While the content is highly detailed and certainly plumb full of "real world" and relevant examples, I think what's even more impressive is the instructor's refined ability to teach and present information in a way that resonates with students.

I would say this course is out of date in real world.

Read more

virtual machine

Setting up a virtual machine was explained very well.

it is excellent and amazing The first steps of getting a virtual machine up and running seem intimidating to inexperienced users, but the instructor made the process very clear and simple, and had resources ready for common installation issues you may encounter.

this course is amazing , but it's i feel like it's needs Arabic sub title 30 minutes in and still setting up virtual machines and learning their interfaces.

I was able to setup all of the virtual machines with very little issues.

Good to go.. Instructor is very knowledgeable and made getting startex and setting up virtual machinez easy very clear explanation of all the subjects but a little basic so far Right now m feeling good because till now what is taught is same as what m getting except for one step where while starting the virtual machine(kali) I got an error that say either you have to disable your usb 2.0 or reinstall correct version of vm box but I have done all the same as what is told in lecture, so I simply disable the usb2.0.

Thanks so in detail and very easy to understand i love it now i can have a virtual machine which i could never download right and you are very on point with problems and way to fix them.

Good Overview till now of Virtual machine and Kali Por el momento, todo va bien.

Read more

kali linux

Since it contains great information about tools in Kali Linux.

Installed software not working properly inside Kali Linux and no explanation was given there.

I had a lot of problems trying to dowload the kali linux lab and i had trouble opening it.

Very informative and detailed Kali linux setup did not work like in the video absolutely - I've never tried actually ethical hacking and pentesting before, I've know about it and read some articles and watched some videos on it.

You did not explain how I proved the Kali Linux way.

Read more

till now

Till now the way the course is presented is OK, nice practical SQL injection knowledge very easy to understand..This course is really worth The best course on website penetration testing and the course is highly practical and best part is zaid sir doesn't neglect the theory i really like the course even though i do encounter some errors the staff is very quick to respond and helpful I recommend this course, It is suitable for any level, gave me new concepts which are taught In a way that I started applying them in the field right away.

Im happy we will see after few more section till now all the problems he said is solved Yes, indeed its a very good starting point for me.The only issue was the voice.It was getting cut at certain places and then start abruptly which was annoying.

Good to have you here Creo que es muy útil good till now Very detailed so far.

good Till now good experience

Read more


An overview of related careers and their average salaries in the US. Bars indicate income percentile.

RN Infection Control Full Time Abrazo Central Campus $26k

Full-Charge Bookeeper $44k

Full Time Trainer $53k

Full Floor Specialist $58k

Full Charge Accountant $64k

Full Desk IT Recruiter $73k

full professor of painting $75k

Full Member $84k

Tenured Full-Professor $100k

Professor (full) $103k

Clinical Full Professor $123k

Full Professor, Chemistry $125k

Write a review

Your opinion matters. Tell us what you think.

Rating 4.5 based on 1,009 ratings
Length 10.5 total hours
Starts On Demand (Start anytime)
Cost $19
From Udemy
Instructors Zaid Sabih, z Security
Download Videos Only via the Udemy mobile app
Language English
Subjects IT & Networking
Tags IT & Software Network & Security

Similar Courses

Sorted by relevance

Like this course?

Here's what to do next:

  • Save this course for later
  • Get more details from the course provider
  • Enroll in this course
Enroll Now