Learn Bug Bounty Hunting & Web Security Testing From Scratch

person icon Zaid Sabih

Learn Bug Bounty Hunting & Web Security Testing From Scratch

Learn how to discover bugs / vulnerabilities like experts | OWASP top 10 + more | No prior knowledge required

updated on icon Updated on Sep, 2023

language icon Language - English

person icon Zaid Sabih

architecture icon Bug Bounty,IT & Software,Network & Security


30-days Money-Back Guarantee

Training 5 or more people ?

Get your team access to 19,000+ top Tutorialspoint courses anytime, anywhere.

Course Description

Welcome to my comprehensive course on Bug Bounty Hunting & Web Security Testing course. This course assumes you have NO prior knowledge, it starts with you from scratch and takes you step-by-step to an advanced level, able to discover a large number of bugs or vulnerabilities (including the OWASP top 10) in any web application regardless of the technologies used in it or the cloud servers that it runs on.

This course is highly practical but doesn't neglect the theory, we'll start with basics to teach you how websites work, the technologies used and how these technologies work together to produce these nice and functional platforms that we use everyday. Then we'll start hacking and bug hunting straight away. You'll learn everything by example, by discovering security bugs and vulnerabilities, no boring dry lectures.

The course is divided into a number of sections, each aims to teach you a common security bug or vulnerability from the OWASP top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the security bug or vulnerability and how to discover it in a number of scenarios, from simple to advanced. You'll also learn advanced techniques to bypass filters and security measures. As we do this I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals, there will be no useless or boring lectures!

At the end of the course I will take you through a two hour pentest or bug hunt to show you how to combine the knowledge that you acquired and employ it in a real-life scenario to discover bugs and vulnerabilities in a real website! I will show you how I approach a target, analyse it, and take it apart to discover bugs and vulnerabilities in features that most would think are secure!

As mentioned you'll learn much more than just how to discover security bugs in this course, but here's a list of the main security bugs and vulnerabilities that will be covered in the course:

  • Information Disclosure.

  • IDOR (Insecure Direct Object Reference).

  • Broken Access Control.

    • Directory / Path Traversal.

    • Cookie Manipulation.

    • CSRF (Client-Side Request Forgery).

    • OAUTH 2.0.

  • Injection Vulnerabilities.

    • Command Injection.

    • Blind Command Injection.

    • HTML Injection.

    • XSS (Cross-Site Scripting).

    • Reflected, Stored & DOM Based XSS.

    • Bypassing Security Filters.

    • Bypassing CSP (Content Security Policy).

    • SQL Injection.

    • Blind SQLi.

    • Time-based Blind SQLi.

  • SSRRF (Server-Side Request Forgery).

  • Blind SSRF.

  • XXE (XML External Entity) Injection.


  • Information gathering.

  • End point discovery.

  • HTTP Headers.

  • HTTP status codes.

  • HTTP methods.

  • Input parameters.

  • Cookies.

  • HTML basics for bug hunting.

  • Javascript basics for bug hunting.

  • XML basics for bug hunting.

  • Filtering methods.

  • Bypassing blacklists & whitelists.

  • Bug hunting and research.

  • Hidden paths discovery.

  • Code analyses.

You'll use the following tools to achieve the above:

  • Ferox Buster.

  • WSL.

  • Dev tools.

  • Burp Suite:

    • Basics.

    • Burp Proxy.

    • Intruder (Simple & Cluster-bomb).

    • Repeater.

    • Collaborator.

Who this course is for:

  • Anybody looking to become a bug bounty hunter.
  • Anybody interested in web application hacking / penetration testing.
  • Anybody interested in learning how to secure websites & web applications from hackers.
  • Web developers so they can create secure web application & secure their existing ones.
  • Web admins so they can secure their websites.


What will you learn in this course:

  • 95+ videos to teach you bug hunting & security testing from scratch.

  • 80+ hands-on real-life examples - from simple to advanced.

  • Discover the most common web application bugs and vulnerabilities.

  • Discover bugs from the OWASP top 10 most common security threats.

  • Bypass filters & security on all of the covered bugs & vulnerabilities.

  • 2 Hour LIVE bug hunt / pentest on a real web application at the end of the course.

  • My approach to bug hunting and web application penetration testing.

  • The bug hunter / hacker mentality.

  • Efficiency use Burp Suite to discover bugs and vulnerabilities.

  • Discover sensitive & hidden information, paths, files, endpoints and subdomains

  • Gather information about websites & applications

  • Essential topics to bounty hunting.

  • HTTP methods & status codes.

  • Cookies & cookie manipulation

  • HTML basics for bug hunting.

  • XML basics for bug hunting.

  • Javascript basics for bug hunting.

  • Read & analyse headers, requests and responses

  • Discover information disclosure vulnerabilities.

  • Discover broken access control vulnerabiltiies.

  • Discover path / directory traversal vulnerabilities.

  • Discover CSRF vulnerabilities.

  • Discover IDOR vulnerabilities

  • Discover OAUTH 2.0 vulnerabilities

  • Discover Injection vulnerabilities.

  • Discover Command Injection vulnerabilities

  • Discover HTML Injection vulnerabilities

  • Discover XSS vulnerabilities (Reflected, Stored & DOM).

  • Advanced XSS discovery & bypass techniques

  • Discover SQL Injection vulnerabilities.

  • Discover Blind SQL Injection vulnerabilities.

  • Discover Time-based blind SQL Injection vulnerabilities.

  • Discover SSRF vulnerabilities.

  • Discover blind SSRF vulnerabilities.

  • Discover XXE vulnerabilities.

  • The Burp Suite Proxy.

  • The Burp Suite Repeater.

  • The Burp Suite Filter

  • The Burp Suite Intruder.

  • The Burp Suite Collaborator.


What are the prerequisites for this course?

  • Basic IT Skills

  • No prior knowledge required in bug hunting, hacking or programming.

  • Computer with a minimum of 4GB ram/memory.

  • Operating System: Windows / Apple Mac OS / Linux.

Learn Bug Bounty Hunting & Web Security Testing From Scratch


Check out the detailed breakdown of what’s inside the course

3 Lectures
  • play icon Course Introduction 03:08 03:08
  • play icon Introduction to Bug Hunting 06:43 06:43
  • play icon What is a Website? 05:16 05:16
Information Disclosure vulnerabilities
8 Lectures
Broken Access Control Vulnerabilities
6 Lectures
Path / Directory Traversal
7 Lectures
CSRF - Client-Side Request Forgery
1 Lectures
OAUTH 2.0 Vulnerabilities
4 Lectures
Injection Vulnerabilities
2 Lectures
OS Command Injection
3 Lectures
XSS - Cross Site Scripting
3 Lectures
DOM XSS Vulnerabilities
6 Lectures
XSS - Bypassing Security
5 Lectures
Bypassing Content Security Policy (CSP)
2 Lectures
SQL Injection Vulnerabilities
5 Lectures
Blind SQL Injections
4 Lectures
Time-Based Blind SQL Injection
3 Lectures
SSRF (Server-Side Request Forgery)
4 Lectures
SSRF - Advanced Exploitation
2 Lectures
SSRF - Bypassing Security
3 Lectures
Blind SSRF Vulnerabilities
4 Lectures
XXE (XML External Entity) Injection
4 Lectures
2 Hour Live Bug Hunting !
14 Lectures
Participating in Bug Bounty Programs
3 Lectures
Bonus Section
1 Lectures

Instructor Details

Zaid Sabih

Zaid Sabih

My name is Zaid Al-Quraishi, I am a professional ethical hacker, computer scientist, and the founder and CEO of Zsecurity & Bug-Bounty. I am passionate about utilizing my skills to improve the security of organizations and individuals by identifying and resolving vulnerabilities in their systems.

I have in-depth knowledge and experience in the fields of ethical hacking & cyber security, and I have helped over 1 million students worldwide on multiple teaching platforms to gain a better understanding of the subject.

My companies, ZSecurity & Bug-Bounty, specialize in providing ethical hacking services and managed bug-bounty programs to help organizations identify and remediate vulnerabilities in their systems.

Course Certificate

User your certification to make a career change or to advance in your current career. Salaries are among the highest in the world.

sample Tutorialspoint certificate

Our students work
with the Best


Related Video Courses

View More

Annual Membership

Become a valued member of Tutorials Point and enjoy unlimited access to our vast library of top-rated Video Courses

Subscribe now
People having fun around a laptop

Online Certifications

Master prominent technologies at full length and become a valued certified professional.

Explore Now
People having fun around a laptop

Talk to us