
Bug Bounty Hunting & Web Security Testing


by fatima
Price:  40,000
2 Months/20 Hours

Many websites, organizations, and software companies provide bug bounty programs in which users can gain credit and reward for reporting bugs, security exploits, and vulnerabilities. These programs help developers find and fix flaws before they are discovered by malicious hackers or the broader public, preventing widespread exploitation.

The ultimate Bug Bounty Hunting course will teach you how to seek and exploit application vulnerabilities using the necessary tools and techniques. This course aims to provide ethical hackers with the skills they’ll need to identify and disclose vulnerabilities.


What you’ll learn

  • Discover the most common web application bugs and vulnerabilities.
  • Discover bugs from the OWASP top 10 most common security threats.
  • Bypass filters & security on all of the covered bugs & vulnerabilities.
  • 2 Hour LIVE bug hunt / pentest on a real web application at the end of the course.
  • My approach to bug hunting and web application penetration testing.
  • The bug hunter / hacker mentality.
  • Efficiently use Burp Suite to discover bugs and vulnerabilities.
  • Discover sensitive & hidden information, paths, files, endpoints and subdomains
  • Gather information about websites & applications
  • Essential topics to bounty hunting.
  • HTTP methods & status codes.
  • Cookies & cookie manipulation
  • HTML basics for bug hunting.
  • XML basics for bug hunting.
  • JavaScript basics for bug hunting.
  • Read & analyse headers, requests and responses
  • Discover information disclosure vulnerabilities.
  • Discover broken access control vulnerabilities.
  • Discover path / directory traversal vulnerabilities.
  • Discover CSRF vulnerabilities.

Course Content:

Module 1: Introduction

  • Course Introduction
  • Introduction to Bug Hunting
  • What is a Website?

Module 2: Introduction to Information Disclosure Vulnerabilities

  • Introduction to Information Disclosure Vulnerabilities
  • Discovering Database Login Credentials
  • Discovering Endpoints & Sensitive Data
  • Introduction to HTTP Status Codes
  • Employing the Hacker / Bug Hunter Mentality to Discover Admin Login Information
  • Manipulating Application Behaviour Through the HTTP GET Method
  • Manipulating Application Behaviour Through the HTTP POST Method
  • Intercepting Requests With Burp Proxy

Module 3: Introduction to Broken Access Control Vulnerabilities

  • Introduction to Broken Access Control Vulnerabilities
  • Cookie Manipulation
  • Accessing Private User Data
  • Discovering IDOR Vulnerabilities
  • Privilege Escalation with Burp Repeater
  • Debugging Flows with HTTP TRACE & Gaining Admin Access!

Module 4: Introduction to Path Traversal Vulnerabilities & Basic Discovery

  • Introduction to Path Traversal Vulnerabilities & Basic Discovery
  • Bypassing Absolute Path Restriction
  • Bypassing Hard-coded Extensions
  • Bypassing Filtering
  • Bypassing Hard-coded Paths
  • Bypassing Advanced Filtering
  • Bypassing Extreme Filtering

Module 5: CSRF Vulnerabilities

  • Discovering & Exploiting CSRF Vulnerabilities


Module 6: OAuth Vulnerabilities

  • Introduction to OAuth 2.0
  • OAuth 2.0 Basic Exploitation
  • Exploiting a Linking OAuth 2.0 Flow Through CSRF
  • Exploiting a Login OAuth 2.0 Flow Through CSRF

Module 7: Injection Vulnerabilities

  • Introduction to Injection Vulnerabilities
  • Discovering a Basic Command Injection Vulnerability

Module 8: OS Command Injection

  • Discovering a Basic Command Injection Vulnerability
  • Discovering Blind Command Injection Vulnerabilities
  • Discovering Asynchronous Blind Command Injection Vulnerabilities
  • Using Burp Collaborator to Exploit Asynchronous Blind Command Injection

Module 9: DOM XSS

  • Introduction to DOM XSS Vulnerabilities
  • Discovering a Reflected DOM XSS in a Line
  • Discovering a Reflected XSS in an Image Tag
  • Injecting JavaScript Directly in a Page Script
  • Discovering XSS in a Drop-down Menu
  • Discovering XSS in an AngularJS Application

Who this course is for:
  • Anybody looking to become a bug bounty hunter.
  • Anybody interested in web application hacking / penetration testing.
  • Anybody interested in learning how to secure websites & web applications from hackers.
  • Web developers, so they can create secure web applications & secure their existing ones.

International Student Fee: 300$


Job Interview Preparation  (Soft Skills Questions & Answers)



Flexible Class Options

  • Weekend Classes for Professionals: SAT | SUN
  • Corporate Group Trainings Available
  • Online Classes – Live Virtual Class (L.V.C), Online Training


KEY FEATURES


Flexible Classes Schedule

Online Classes for out of city / country students

Unlimited Learning - FREE Workshops

FREE Practice Exam

Internships Available

Free Course Recordings Videos

ABOUT US

OMNI ACADEMY & CONSULTING is one of the most prestigious training and consulting firms. Founded in 2010 under MHSG Consulting Group, we aim to help our customers transform their people and business and be more engaged with customers through digital transformation, helping people to get valuable skills and get jobs.
