Description
Price: 10.00 USD | Size: 2.57 GB | Duration: 9.31 Hours | 75 Video Lessons
BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD



Practical Bug Bounty
TCM Security has collaborated with Intigriti to create a unique Practical Bug Bounty course to teach you the real-world skills you need to be a successful bug bounty hunter.
Course Overview
Welcome to the Practical Bug Bounty course crafted by TCM Security and Intigriti. This comprehensive course dives into identifying and responsibly exploiting application vulnerabilities, laying a solid foundation in Web Application Architecture and delving into the crucial OWASP Top 10. Participants will distinguish Bug Bounty Hunting from Penetration Testing, engage in hands-on simulations, and master key tools like Burp Suite.
The curriculum covers advanced evasion techniques and bypassing Web Application Firewalls (WAF), emphasizing ethical reporting and responsible disclosure.
The course concludes by guiding learners on strategically selecting Bug Bounty Programs and securing exclusive invites, paving the way for a rewarding career in Bug Bounty Hunting.
Learning Objectives:
- Foundational Knowledge:
  - Acquire an understanding of Web Application Architecture, essential web technologies, and the core principles of Web Application Security, including the OWASP Top 10.
- Strategies and Tools Mastery:
  - Differentiate between Bug Bounty Hunting and Penetration Testing, master the use of essential tools like Burp Suite, and apply learned strategies and tools in real-world attack simulations.
- Advanced Techniques and Reporting:
  - Develop skills in advanced evasion techniques, WAF bypassing, and craft comprehensive reports while applying principles of responsible disclosure and effective communication.
- Ethical Conduct and Career Development:
  - Cultivate an ethical mindset, adhere to industry standards and legal frameworks, and gain insights into building a successful career in Bug Bounty Hunting.
Upon completion, participants will be invited to apply to Intigriti’s Bug Bounty Platform to begin their journey in the bug bounty world. Students completing this course will be well-equipped to identify, exploit, and responsibly report vulnerabilities, laying a foundation for success in Bug Bounty Hunting.
System Requirements
8GB RAM & 256GB HDD
Up-to-Date OS & Internet Browser
Stable internet connection
Course Curriculum – 9.5 Hours
Introduction
Course Introduction
(6:14)
Course Discord
Web Application Security
Importance of Web Application Security
(6:23)
Web Application Security Standards and Best Practices
(13:31)
Bug Bounty Hunting vs Penetration Testing
(10:18)
Phases of a Web Application Penetration Test
(17:20)
Section Quiz
Before We Attack
CryptoCat Introduction
(1:42)
Understanding Scope, Ethics, Code of Conduct, etc.
(14:10)
Common Scoping Mistakes
(24:30)
Lab Build
Installing VMWare / VirtualBox
(3:14)
Installing Linux
(9:06)
Lab Installation
(7:15)
Web Application Technologies
Web Technologies
(4:38)
HTTP & DNS
(3:32)
Section Quiz
Reconnaissance and Information Gathering
Fingerprinting Web Technologies
(12:13)
Directory Enumeration and Brute Forcing
(20:06)
Subdomain Enumeration
(17:36)
Burp Suite Overview
(38:52)
Section Quiz
Authentication and Authorization Attacks
Introduction to Authentication
(1:36)
Brute-force Attacks
(6:59)
Attacking MFA
(5:26)
Authentication Challenge Walkthrough
(9:59)
Introduction to Authorization
(1:11)
IDOR – Insecure Direct Object Reference
(6:27)
Introduction to APIs
(4:48)
Broken Access Control
(8:28)
Testing with Autorize
(7:28)
Injection Attacks
Introduction to Local and Remote File Inclusion (LFI/RFI)
(1:37)
Local File Inclusion Attacks
(4:20)
Remote File Inclusion Attacks
(7:38)
File Inclusion Challenge Walkthrough
(4:28)
Introduction to SQL Injection
(4:03)
Basic SQL Injection Attacks
(9:38)
Blind SQL Injection Attacks – Part 1
(9:52)
Blind SQL Injection Attacks – Part 2
(12:53)
SQL Injection Challenge Walkthrough
(5:36)
Second Order SQL Injection
(2:59)
Introduction to Cross-Site Scripting (XSS)
(4:50)
Basic Cross-Site Scripting (XSS) Attacks
(3:15)
Stored Cross-Site Scripting (XSS) Attacks
(7:38)
Cross-Site Scripting (XSS) Challenge Walkthrough
(3:24)
Introduction to Command Injection
(2:24)
Command Injection Attacks
(4:57)
Blind Command Injection
(3:57)
Command Injection Challenge Walkthrough
(4:04)
Introduction to Server-Side Template Injection (SSTI)
(1:08)
Exploiting Server-Side Template Injection (SSTI)
(5:14)
Server-Side Template Injection (SSTI) Challenge Walkthrough
(3:31)
XML External Entity (XXE) Injection
(5:55)
Introduction to Insecure File Uploads
(0:31)
Insecure File Upload Client-Side Controls Bypass
(8:48)
Insecure File Upload Bypasses
(9:13)
Insecure File Uploads Challenge Walkthrough
(3:29)
Automated Tools
Automated Scanners
(10:17)
Scripting and Automation
(19:43)
Section Quiz
Other Common Vulnerabilities
Introduction to Cross-Site Request Forgery (CSRF)
(1:53)
Cross-Site Request Forgery (CSRF) Attacks
(5:50)
Cross-Site Request Forgery (CSRF) Token Bypass
(5:40)
Introduction to Server-Side Request Forgery (SSRF)
(1:24)
Exploiting Server-Side Request Forgery (SSRF)
(4:06)
Blind Server-Side Request Forgery (SSRF)
(2:54)
Introduction to Subdomain Takeovers
(1:43)
Open Redirects
(2:25)
Introduction to Vulnerable Components
(1:33)
Reporting
Understanding CVSS: Part 1
(14:36)
Understanding CVSS: Part 2
(14:44)
Writing Effective Penetration Testing Reports
(22:49)
Vulnerability Reporting and Disclosure (VDP)
(6:30)
How to Write a Bug Bounty Report
(6:42)
Communicating with Clients and Triagers
(10:37)
Mistakes from Triager’s Perspective
(13:36)
Section Quiz
Evasion Techniques
WAF Identification and Fingerprinting
(6:46)
Bypassing Input Validation and Encoding Techniques
(8:22)
Wrapping up
How to Pick Bug Bounty Programs
(9:03)
Course Conclusion
(2:18)