Web Application Pentesting & Bug Hunting Course By Shawar Khan (Videos Course)

(8 customer reviews)



This course is unlike many others, containing full explanation why is application vulnerable; source code analysis, bypassing security filters, getting command execution from vulnerabilities, patching vulnerability, combining more vulnerabilities in one exploitation and much more.


  • Introduction
    • Introduction
    • Preparing our environment
  • Web Application Basics
    • HTTP Request
    • HTTP Response
    • HTTP Header
    • HTTP Methods
  • Burp Suite
    • Setting Up
    • Spidering
    • Intruder
    • Repeater
    • Decoder
  • Information Gathering
    • Wappalyzer
    • Google Hacking Database
    • Finding SubDomain
  • Nmap
    • Port Scanning
    • Service Detecting
    • Scripting Engine
    • Enumerating file using NSE
    • Banner Grabbing using NSE
  • Vulnerability Detection & Exploitation
    • Xss
      • Reflected Xss
      • Stored Xss
      • Flash Base Xss
      • Exploiting Xss Vulnerability
    • CSRF
      • Detecting CSRF
      • GET Based Exploiting
      • Post Based Exploiting
      • Bypassing Anti CSRF Token
    • RCE
      • Detecting RCE Cases
      • Exploiting RCE Cases
    • Sql Injection
      • Detecting Sqli
      • Exploiting vulnerable columns
      • Exploiting SQL Injection vulnerability -Finding user, version, database name
      • Exploiting SQL Injection vulnerability – Finding tables
      • Exploiting SQL Injection vulnerability – Dumping table data
    • LFI
      • Finding Local File Inclusion vulnerabilities
      • Exploiting Local File Inclusion vulnerabilities
    • RFI
      • Finding Remote File Inclusion vulnerabilities
      • Exploiting Remote File Inclusion vulnerabilities
    • URL Redirection
      • Introduction to URL Redirection vulnerabilities
      • Detecting URL Redirection Vulnerabilities
    • Insecure Direct Object Reference
      • Introduction to Insecure Direct Object Reference Vulnerability
      • Finding IDOR Vulnerability
  • Bypassing Protection Mechanisms
    • Bypassing Login Panels – Method 1
    • Bypassing Login Panels – Method 2
    • Bypassing Login Panels – Method 3
    • Bypassing 2-Factor Authentication
  • Testing Content Management Systems
    • WordPress
      • Detecting WordPress
      • Detecting WordPress version
      • Detecting WordPress plugins
      • Detecting WordPress themes
      • Detecting WordPress Usernames
      • Using Wpscan to scan WordPress sites
      • Using Wpscan to enumerate WordPress themes and plugins
      • Bruteforcing WordPress users using Wpscan
    • Joomla
      • Detecting a Joomla website
      • Detecting Joomla version
      • Scanning joomla website using Joomscan
    • Drupal
      • Detecting Drupal CMS
      • Scanning Drupal based website using Droopescan




During this course you will learn everything you need to know about web application security. In this course you will start as beginner with little or without any knowledge about web application security.

This Course is ideal for Beginner to  Advanced level.

After completing this course you will know enough to start looking for bugs in Bug Bounty programs and perform full penetration testing against web applications.

Course Instructor: Shawar Khan Ethical Hacker, Web Application Security Researcher and Pentester.


NOTE: This course is made for educational purposes only. This course comes without our lab access. However, in course materials we will teach you how to prepare you own local network environment for testing attacks.

8 reviews for Web Application Pentesting & Bug Hunting Course By Shawar Khan (Videos Course)

  1. Rehan

    Well planned course, which is applicable in real World.
    Shawar Khan is very good Researcher.I like his way of teaching.
    The course is easy to learn.
    Overall excellent Course!
    I recommended this course for anyone who want to learn web Applications Pentesting and Bug Hunting .

  2. samaakx00 (verified owner)

    really awesome course learn some basic of web app pentesting

  3. Arslan (verified owner)

    This was a great course. I have learned a lot.
    I definitely recommend this course for people that are interested in web hacking.
    The information that presents is incredibly useful for the real-world, and I feel like this course has something to offer from all perspectives of learners (beginners, intermediate, and advanced). Keep up the great work, Highly recommend this course!

  4. hraihan143 (verified owner)

    As I far as I have experienced this course teach from scratch. It is one of the best Web Application Bug Hunting online courses I have seen. Highly recommended for the beginners or who’d like to learn something regarding Bug Hunting from scratch.

  5. cyril.catubay123

    Excellent course!

    The Course was amazing. I learned a lot of things about ethical hacking and the instructor was awesome. I think that the course is definitely worth way more than it’s asking price.

  6. ahmad.haseeb

    Excellent teaching method. thanks for all the knowledge and support

  7. josefmart172

    An extremely helpful and informative course. Training materials were well organized and provided good case studies. Instructor was extremely professional and pleasant to learn from learnpentest.com

  8. krishna_rao456

    Very interesting. I like his way of teaching.Good explanation.

Add a review

Your email address will not be published. Required fields are marked *

Translate »