Learn Bug Bounty Hunting & Web Security Testing From Scratch
About Course
Welcome to my comprehensive course on Bug Bounty Hunting & Web Security Testing. This course assumes you have NO prior knowledge; it starts from scratch and takes you step by step to an advanced level, where you will be able to discover a large number of bugs and vulnerabilities (including the OWASP Top 10) in any web application, regardless of the technologies used in it or the cloud servers it runs on.
This course is highly practical but doesn’t neglect the theory. We’ll start with the basics to teach you how websites work, the technologies used, and how these technologies work together to produce the functional platforms we use every day. Then we’ll start hacking and bug hunting straight away. You’ll learn everything by example, by discovering security bugs and vulnerabilities; no boring, dry lectures.
The course is divided into a number of sections, each of which aims to teach you a common security bug or vulnerability from the OWASP Top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the bug or vulnerability and how to discover it in a number of scenarios, from simple to advanced. You’ll also learn advanced techniques to bypass filters and security measures. As we do this I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals; there will be no useless or boring lectures!
At the end of the course I will take you through a two-hour pentest or bug hunt to show you how to combine the knowledge you have acquired and employ it in a real-life scenario to discover bugs and vulnerabilities in a real website! I will show you how I approach a target, analyse it, and take it apart to discover bugs and vulnerabilities in features that most would think are secure!
As mentioned, you’ll learn much more than just how to discover security bugs in this course, but here’s a list of the main security bugs and vulnerabilities that will be covered:
- Information Disclosure.
- IDOR (Insecure Direct Object Reference).
- Broken Access Control.
- Directory / Path Traversal.
- Cookie Manipulation.
- CSRF (Cross-Site Request Forgery).
- OAuth 2.0.
- Injection Vulnerabilities.
- Command Injection.
- Blind Command Injection.
- HTML Injection.
- XSS (Cross-Site Scripting).
- Reflected, Stored & DOM-based XSS.
- Bypassing Security Filters.
- Bypassing CSP (Content Security Policy).
- SQL Injection.
- Blind SQLi.
- Time-based Blind SQLi.
- SSRF (Server-Side Request Forgery).
- Blind SSRF.
- XXE (XML External Entity) Injection.
Topics:
- Information gathering.
- Endpoint discovery.
- HTTP Headers.
- HTTP status codes.
- HTTP methods.
- Input parameters.
- Cookies.
- HTML basics for bug hunting.
- JavaScript basics for bug hunting.
- XML basics for bug hunting.
- Filtering methods.
- Bypassing blacklists & whitelists.
- Bug hunting and research.
- Hidden paths discovery.
- Code analysis.
You’ll use the following tools to achieve the above:
- Feroxbuster.
- WSL.
- Dev tools.
- Burp Suite:
  - Basics.
  - Burp Proxy.
  - Intruder (Simple & Cluster bomb).
  - Repeater.
  - Collaborator.
With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond within 15 hours.
Check out the curriculum and the course teaser for more info!
Course Content
01 – Introduction
- A Message from the Professor
- 001 Course Introduction.mp4
- 002 Introduction to Bug Hunting.mp4
- 003 What is a Website.mp4
- Section Quiz
02 – Information Disclosure vulnerabilities
03 – Broken Access Control Vulnerabilities
04 – Path Directory Traversal
05 – CSRF – Cross-Site Request Forgery
06 – OAuth 2.0 Vulnerabilities
07 – Injection Vulnerabilities
08 – OS Command Injection
09 – XSS – Cross Site Scripting
10 – DOM XSS Vulnerabilities
11 – XSS – Bypassing Security
12 – Bypassing Content Security Policy (CSP)
13 – SQL Injection Vulnerabilities
14 – Blind SQL Injections
15 – Time-Based Blind SQL Injection
16 – SSRF (Server-Side Request Forgery)
17 – SSRF – Advanced Exploitation
18 – SSRF – Bypassing Security
19 – Blind SSRF Vulnerabilities
20 – XXE (XML External Entity) Injection
21 – 2-Hour Live Bug Hunting!
22 – Participating in Bug Bounty Programs
23 – Bonus Section