Disclosure: when you buy through links on our site, we may earn an affiliate commission.

Tactical Web Exploitation for Penetration Testers

Learn Black-Box Web Application Penetration Testing and Website Hacking from Black Hat Perspective
(6 reviews)
529 students
Created by Mohammad Sa'ed


CourseMarks Score®







Platform: Udemy
Price: $11.99
Video: 10h 58m
Language: English
Next start: On Demand

Top Ethical Hacking courses:

Detailed Analysis

CourseMarks Score®

9.6 / 10

CourseMarks Score® helps students to find the best classes. We aggregate 18 factors, including freshness, student feedback and content diversity.

Freshness Score

9.9 / 10
This course was last updated on 3/2021.

Course content can become outdated quite quickly. After analysing 71,530 courses, we found that the highest rated courses are updated every year. If a course has not been updated for more than 2 years, you should carefully evaluate the course before enrolling.

Student Feedback

8.7 / 10
We analyzed factors such as the rating (4.8/5) and the ratio between the number of reviews and the number of students, which is a great signal of student commitment.

New courses are hard to evaluate because there are no or just a few student ratings, but Student Feedback Score helps you find great courses even with fewer reviews.

Content Score

9.6 / 10
Video Score: 9.3 / 10
The course includes 10h 58m video content. Courses with more videos usually have a higher average rating. We have found that the sweet spot is 16 hours of video, which is long enough to teach a topic comprehensively, but not overwhelming. Courses over 16 hours of video gets the maximum score.
Detail Score: 10.0 / 10

The top online course contains a detailed description of the course, what you will learn and also a detailed description about the instructor.

Extra Content Score: 9.5 / 10

Tests, exercises, articles and other resources help students to better understand and deepen their understanding of the topic.

This course contains:

0 article.
16 resources.
0 exercise.
0 test.

Table of contents


Welcome to Tactical Web Exploitation for Penetration Testers online course (TWXS01). This is an aggressive, intensive and highly advanced web application security-training course, focusing on exploiting the toughest web application vulnerabilities. It aims to teach you the skills and techniques needed to conduct a black box web application penetration tests.

This training course will introduce you to the very core of the web application exploitation process. You’ll learn the different phases involved in the black box security testing methodology by testing the applications from the outside in, with little or no prior knowledge of the application’s internal workings, using the same methods and techniques conducted by Black Hats.

TWXS01 is a comprehensive 11-hour online course that will teach you all about web attacks and exploitation. You will practice the art of manually exploiting web applications. You will learn about the attacker’s tools, methods and skills needed to conduct a black box web application penetration tests through detailed, 100% hands-on exercises and with guidance from the instructors.

By the end of this course, you will be able to take your skills to the next level, being able to perform advanced web application attacks, chain attacks using multiple vulnerabilities, using creative and innovative ways of exploiting web vulnerabilities, replicate the discovered vulnerabilities, which will help you sharpen your skills to meet the challenges in this constantly updating industry.

This 11 hour course, is divided into nine essential sections as shown in the course syllabus. It features many topics, including: 
•Burpsuite essentials: a minimized course with 10 sections which allow you to acquire a decent familiarity and knowledge about the key features and the most used tools in Burp to perform various crucial tasks.
•WordPress CSRF To Remote Code Execution: It teaches you how to exploit WordPress core vulnerabilities by chaining them into complex attacks where you will end up with a remote code execution. You will also learn how to bypass implemented security mechanisms with tact and class.
•WordPress Improper Control to Code Injection: You will learn the latest advanced exploitation techniques to get a foothold on your WordPress target by varying different methods, including: targeting WordPress core vulnerabilities, to time-based blind SQL injection attacks.
•Gitlab Mutli-Vulnerabilities to Remote Code Execution: This module is a piece of art with 16 sections dedicated for Gitlab exploitation by targeting multiple vulnerabilities, this module will dive deep into the penetration testing process from target scanning to remote command execution.

In addition to highly-practical and extensive course materials, We have also provided you with  downloadable private labs “Evilrc” where you can practice and sharpen the skills you will come to acquire throughout the training.

Important Notes:
Before deciding to join us, we invite you to check the following enabled preview:
•Module 0 – Introduction to Tactical Web Exploitation.
•Module 6 – 6.5 – Chaining CSRF With XSS Vulnerability
•Module 8 – 8.7 Bypassing CSRF protection.
•For best learning experience, we recommend you to switch your web player to 1080p

Hardware Requirements:
•CPU: 64-bit Intel i5/i7 2.0+ GHz processor
•RAM: 8GB RAM (More memory is recommended)
•Hard Drive Free Space: 60 GB Free Space (More memory is recommended)
•Host Operating System: Latest version of Windows, or Linux that also can install and run VMware virtualization products described below.

Evilrc Labs Hardware Requirements:
Evilrc is Genosec penetration testing private labs, A custom virtual machine tailored specifically for web application penetration testing, with all labs installed locally.

•Evilrc “Guest” Minimal Memory Requirements At least 1 GB of RAM (2 GB is recommended).
•Kali Linux “Guest” Minimal Memory Requirements At least 2 GB of RAM (4 GB is recommended)
•For Kali Linux,  Realistically 8 GB with a SWAP file of equal value due to high demanding nature of scanning or crawling techniques which requires more memory allocation, For the best experience with Burp Suite, We recommend using a guest kali machine with at least 8 GB of memory and 2 vCPU cores.

Evilrc credentials:
•No credentials will be provided as your only way to access Evilrc “Is to Hack your way in”
•HINT :  Rick Sanchez says “MwGVUjohi7U “

Additional Software Requirements:
•Download and install either VMware Workstation Pro 16.x, VMware Player or Fusion 12.x or higher versions before the course.
•Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during the course.

•The content of this course was created for Educational Purposes Only, it is designed to help users test their own system against information security threats and protect their IT infrastructure from similar attacks.
•All of the demonstrated attacks are launched in a controlled environment that have been designed specifically for this course by Mohammad Sa’ed.
•The provided materials / labs are designed and owned by “Mohammad Sa’ed” for Penetration Testing and Ethical Hacking use.


• Good Knowledge of the Linux System.Good Understanding of Web Penetration Testing Techniques and Methodologies.

You will learn

✓ Learn ethical hacking and penetration testing skills
✓ Ability to perform manual exploitation of web applications
✓ Ability to perform multi-staged chained attacks
✓ Ability to perform post-exploitation techniques
✓ Ability to perform advanced local file inclusion attacks (LFI)
✓ Ability to perform directory traversal attacks (Path Traversal)
✓ Ability to perform cross site request forgery attacks
✓ Ability to exploit time-based blind SQL injection (SQLi)
✓ Ability to leverage second order cross-site scripting (XSS)
✓ Ability to exploit and weaponizing cross-site scripting vulnerability
✓ Learn Advanced use of BurpSuite, and Much More

This course is for

• Ethical Hackers
• Penetration Testers
• Security Professionals
• Web Application Developers
• Web Application Security Specialists
• Bug Bounty Hunters

How much does the Tactical Web Exploitation for Penetration Testers course cost? Is it worth it?

The course costs $11.99. And currently there is a 87% discount on the original price of the course, which was $94.99. So you save $83 if you enroll the course now.

Does the Tactical Web Exploitation for Penetration Testers course have a money back guarantee or refund policy?

YES, Tactical Web Exploitation for Penetration Testers has a 30-day money back guarantee. The 30-day refund policy is designed to allow students to study without risk.

Are there any SCHOLARSHIPS for this course?

Currently we could not find a scholarship for the Tactical Web Exploitation for Penetration Testers course, but there is a $83 discount from the original price ($94.99). So the current price is just $11.99.

Who is the instructor? Is Mohammad Sa'ed a SCAM or a TRUSTED instructor?

Mohammad Sa’ed has created 1 courses that got 6 reviews which are generally positive. Mohammad Sa’ed has taught 529 students and received a 4.8 average review out of 6 reviews. Depending on the information available, Mohammad Sa’ed is a TRUSTED instructor.

More info about the instructor, Mohammad Sa'ed

Cyber Security Expert
Mohammad Sa’ed (Anti-trust) is the founder of Genosec and Ninja Security, with over +15 years of experience as a professional penetration tester, specialized in tactical exploitation and exploit development. Mohammad is “THE HACKER” who is responsible for creating of all Genosec course materials. Mohammad has spent the better part of two decades in the IT industry, over 10 of those specializing in information security, making him an experienced professional penetration tester.Mohammad created the Ninja Security’s Unethical Hacking, Mastering of Penetration testing, Advanced Exploit Development and Metasploit training courses.


CourseMarks Score®







Platform: Udemy
Price: $11.99
Video: 10h 58m
Language: English
Next start: On Demand

Students are also interested in

Get this widget on your website (for course creators):

Tactical Web Exploitation for Penetration Testers rating
Copy this code and paste it to your website:
<a href="https://coursemarks.com/course/tactical-web-exploitation-for-penetration-testers/" target="_blank" title="Tactical Web Exploitation for Penetration Testers on Coursemarks.com"><img border="0" src="https://coursemarks.com/widget/96.svg" width="200px" alt="Tactical Web Exploitation for Penetration Testers rating"/></a>