Zero To Mastery

Web Security & Bug Bounty: Learn Penetration Testing

via Zero To Mastery

Overview

Start a career or earn a side income by becoming a Bug Bounty Hunter. No previous experience is needed; we teach you everything from scratch. Hack websites, fix vulnerabilities, improve web security, and much more. You'll learn penetration testing from the very beginning and master the most modern pentesting tools and best practices!
  • Learn Penetration Testing from scratch to become a Bug Bounty Hunter and Web Security Expert
  • Setting Up Your Hacking Lab: Kali Linux and Virtual Machines (Works with Windows/Mac/Linux)
  • Discover, exploit, and mitigate all types of web vulnerabilities. Secure any of your future applications using best practices
  • How to make money from bug bounty hunting and make a career of it
  • Learn how to hack & attack systems with known vulnerabilities
  • Website Enumeration & Information Gathering
  • Bug Hunter and the Burpsuite Tool
  • HTML Injections
  • Command Injection/Execution
  • Broken Authentication, Broken Access Control
  • Bruteforce Attacks
  • Security Misconfiguration
  • Cross Site Scripting - XSS
  • SQL Injection, XML, XPath Injection, XXE
  • Logging & Monitoring best practices
  • Web Fundamentals, Networking Fundamentals, Linux Terminal Fundamentals

Syllabus

  •   Introduction To Bug Bounty
    • Web Security & Bug Bounty
    • Course Outline
    • Exercise: Meet Your Classmates and Instructor
    • What is Penetration Testing?
    • What is a Bug Bounty?
    • Course Resources + Guide
    • Understanding Your Video Player
    • Set Your Learning Streak Goal
  •   Our Virtual Lab Setup
    • Virtual Box and Kali Linux Download
    • Setting Up Virtual Lab On M Chip Macbooks
    • Creating Our First Virtual Machine
    • Kali Linux Installation
    • OWASPBWA Installation
    • OWASPBWA Installation For M-series MacBooks
    • Creating TryHackMe Account
    • 2 Paths
    • Let's Have Some Fun (+ Free Resources)
  •   Website Enumeration & Information Gathering
    • Website Enumeration - Theory
    • Google Dorks
    • Ping, Host, Nslookup ...
    • Whatweb
    • Dirb
    • Nmap
    • Nikto
    • Unlimited Updates
  •   Introduction To Burpsuite
    • Burpsuite Configuration
    • Burpsuite Intercept
    • Burpsuite Repeater
    • Burpsuite Intruder
    • Course Check-In
  •   HTML Injection
    • HTML Injection - Theory
    • HTML Injection 1 on TryHackMe
    • HTML Injection 2 - Injecting User-Agent Header
    • Injecting Cookie Field and Redirecting The Page
    • Advance Example of HTML Injection
    • Implement a New Life System
  •   Command Injection/Execution
    • Command Injection Theory
    • Command Injection On TryHackMe and Blind Command Injection
    • Solving Challenges With Command Injection
    • Running PHP Reverse Shell With Command Execution Vulnerability
    • Bypassing Input Filter And Executing Command
  •   Broken Authentication
    • Broken Authentication Theory
    • Broken Authentication On TryHackMe
    • Broken Authentication Via Cookie
    • Basic Authorization in HTTP Request
    • Forgot Password Challenge
    • Session Fixation Challenge
  •   Bruteforce Attacks
    • Cluster Bomb Bruteforce
    • Hydra Bwapp Form Bruteforce
    • Hydra Post Request Form Bruteforce
    • Bonus - Hydra SSH Attack
  •   Sensitive Data Exposure
    • Sensitive Data Exposure Example
  •   Broken Access Control
    • Broken Access Control - Theory
    • Accessing passwd With BAC
    • Ticket Price IDOR
  •   Security Misconfiguration
    • Security Misconfiguration - Default App Credentials
    • Exercise: Imposter Syndrome
  •   Cross Site Scripting - XSS
    • XSS Theory
    • Changing Page Content With XSS
    • Bypassing Simple Filter
    • Downloading a File With XSS Vulnerability
    • DOM XSS Password Generator
    • JSON XSS
    • Old Vulnerable Real Applications
  •   SQL Injection
    • SQL Injection Theory
    • Guide To Exploiting SQL Injection
    • Getting Entire Database
    • Extracting Passwords From Database
    • Bypassing Filter In SQL Query
    • Blind SQL Injection
  •   XML, XPath Injection, XXE
    • XPath Injection
    • XPath Injection 2
    • XXE
  •   Components With Known Vulnerabilities
    • Components With Known Vulnerabilities
  •   Insufficient Logging And Monitoring
    • Insufficient Logging And Monitoring Example
  •   Monetizing Bug Hunting
    • What's Next & How To Earn Money By Finding Vulnerabilities?
    • Unique and Interesting Bugs Discovered
  •   Bonus - Web Developer Fundamentals
    • Browsing the Web
    • Breaking Google
    • The Internet Backbone
    • Traceroute
    • HTML, CSS, Javascript
    • Build Your First Website
    • HTML Tags
    • Your First CSS
    • What Is Javascript?
    • Your First Javascript
    • Javascript On Our Webpage
    • HTTP/HTTPS
    • Introduction To Databases
    • SQL: Create Table
    • SQL: Insert Into + Select
    • What is PHP?
  •   Bonus - Linux Terminal
    • Linux 1 - ls, cd, pwd, touch...
    • Linux 2 - sudo, nano, clear ...
    • Linux 3 - ifconfig, nslookup, host ...
  •   Bonus - Networking
    • Networking Cheatsheet
  •   Where To Go From Here?
    • Thank You
    • Review This Course!
    • Become An Alumni
    • Learning Guideline
    • ZTM Events Every Month
    • LinkedIn Endorsements

Taught by

Aleksa Tamburkovski and Andrei Neagoie
