Web Application Pentesting & Bug Hunting Course By Shawar Khan (Videos Course)



This course is unlike many others: it fully explains why an application is vulnerable and covers source code analysis, bypassing security filters, getting command execution from vulnerabilities, patching vulnerabilities, combining multiple vulnerabilities in one exploitation, and much more.


  • Introduction
    • Introduction
    • Preparing our environment
  • Web Application Basics
    • HTTP Request
    • HTTP Response
    • HTTP Header
    • HTTP Methods
  • Burp Suite
    • Setting Up
    • Spidering
    • Intruder
    • Repeater
    • Decoder
  • Information Gathering
    • Wappalyzer
    • Google Hacking Database
    • Finding Subdomains
  • Nmap
    • Port Scanning
    • Service Detecting
    • Scripting Engine
    • Enumerating files using NSE
    • Banner Grabbing using NSE
  • Vulnerability Detection & Exploitation
    • XSS
      • Reflected XSS
      • Stored XSS
      • Flash-Based XSS
      • Exploiting XSS Vulnerability
    • CSRF
      • Detecting CSRF
      • GET Based Exploiting
      • POST Based Exploiting
      • Bypassing Anti CSRF Token
    • RCE
      • Detecting RCE Cases
      • Exploiting RCE Cases
    • SQL Injection
      • Detecting SQLi
      • Exploiting vulnerable columns
      • Exploiting SQL Injection vulnerability – Finding user, version, database name
      • Exploiting SQL Injection vulnerability – Finding tables
      • Exploiting SQL Injection vulnerability – Dumping table data
    • LFI
      • Finding Local File Inclusion vulnerabilities
      • Exploiting Local File Inclusion vulnerabilities
    • RFI
      • Finding Remote File Inclusion vulnerabilities
      • Exploiting Remote File Inclusion vulnerabilities
    • URL Redirection
      • Introduction to URL Redirection vulnerabilities
      • Detecting URL Redirection Vulnerabilities
    • Insecure Direct Object Reference
      • Introduction to Insecure Direct Object Reference Vulnerability
      • Finding IDOR Vulnerability
  • Bypassing Protection Mechanisms
    • Bypassing Login Panels – Method 1
    • Bypassing Login Panels – Method 2
    • Bypassing Login Panels – Method 3
    • Bypassing 2-Factor Authentication
  • Testing Content Management Systems
    • WordPress
      • Detecting WordPress
      • Detecting WordPress version
      • Detecting WordPress plugins
      • Detecting WordPress themes
      • Detecting WordPress Usernames
      • Using Wpscan to scan WordPress sites
      • Using Wpscan to enumerate WordPress themes and plugins
      • Bruteforcing WordPress users using Wpscan
    • Joomla
      • Detecting a Joomla website
      • Detecting Joomla version
      • Scanning Joomla website using Joomscan
    • Drupal
      • Detecting Drupal CMS
      • Scanning Drupal based website using Droopescan




During this course you will learn everything you need to know about web application security. You will start as a beginner, with little or no knowledge of web application security.

This course is ideal for beginner to advanced levels.

After completing this course you will know enough to start looking for bugs in Bug Bounty programs and perform full penetration testing against web applications.

Course Instructor: Shawar Khan, Ethical Hacker, Web Application Security Researcher and Pentester.


NOTE: This course is made for educational purposes only. It does not include access to our lab. However, the course materials teach you how to prepare your own local network environment for testing attacks.

