A bug bounty is a deal offered by many companies, websites, and software developers through which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. This course covers most of the OWASP Top 10 vulnerabilities and web application penetration testing. You will start as a beginner with no hands-on experience in bug bounty hunting or penetration testing, and after this course you will emerge as a stealth bug bounty hunter. Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company's security team in an ethical way. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, bug bounty programs are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.
• Anyone who wants to Hunt
• Security Professional
• Developer
• Ethical Hacker
• Penetration Tester
• HALL OF FAME
• REWARDS
• BUG BOUNTY
• ACKNOWLEDGEMENT / APPRECIATION
• VALUES FOR YOUR RESUME
• Increase the possibility of getting a job in the industry
• Opportunity to make money in your spare time
• Knowledge
• The Proven one
1. INTRODUCTION TO BURPSUITE PRO
a. Java installation in the system
b. Proxy setting in Firefox browser
c. Burp Certification in Firefox
2. FOOTPRINTING / INFORMATION GATHERING
a. Background Concept
b. Nmap
c. Whatweb
d. Finding Subdomains of Domains
3. XSS – CROSS SITE SCRIPTING
a. Background Concept
b. Basic XSS
c. XSS on LAB Website
d. Manually Building XSS
e. XSS on live Website
f. XSS through filter bypass attack
g. Reflected XSS vs Stored XSS
h. Exploitation of XSS
4. HOST HEADER INJECTION ATTACK
a. Overview of the Attack
b. Open Redirection
c. Web Cache poisoning
d. Host Header XSS
5. URL REDIRECTION
a. Basic Concept
b. URL Redirection through Path Fragmentation
c. Attacks on Live Websites
6. HTML INJECTION
a. Background Concept
b. Injection Findings Examples
c. Exploitation of HTML Injection Attack
7. SQL INJECTION
a. Background Concept
b. SQL Injection LAB set up
c. Authentication Bypass Attack
d. SQL MAP
e. Havij pro
f. Union Based SQLi
g. SQL fixing query
h. Exploitation (Getting Database) on GET-based, POST-based, header-based & cookie-based injection points
i. Attacks on Live website
8. COMMAND INJECTION
a. Concept
b. Attacks using Delimiters
9. PARAMETER / DATA TAMPERING
a. Basic Concept
b. Finding Injection point
c. Direct live attacks to decrease the price of products on commercial websites
10. FILE INCLUSION
a. Background concept
b. LFI
c. RFI
11. MISSING SPF FLAG
a. Background Concept
b. Target and Attacks
c. Exploitations of missing SPF
12. INSECURE CORS (CROSS ORIGIN RESOURCE SHARING)
a. Background concept
b. Insecure CORS checking Response
c. Insecure CORS through Response Header and Request Header
13. FILE UPLOADING
a. Background concept
b. Finding the uploading targets
c. Uploading .php shell and getting access to the full server
d. Uploading malicious files to carry out a DoS attack
14. CRITICAL FILE FOUND
a. Background Concept
b. Manual attacks
c. Automatic attacks through payload.
15. SOURCE CODE DISCLOSURE
a. Background concept
b. Attack manually and automatically
16. CSRF – CROSS SITE REQUEST FORGERY
a. Background concept
b. Injection Point
c. CSRF on logout page
17. DOS ATTACK (DENIAL OF SERVICE)
NOTE: Sometimes there is no bounty for this attack.
a. Background concept
b. Attack through LOIC & HOIC
c. Attack through Ettercap
d. Attack through metasploit
18. Report Writing & POC
19. Sign up on these online bug hunting platforms
a. BUG CROWD
b. HACKER ONE
c. SYNACK
d. ANTI HACK
e. OPEN BUG BOUNTY
f. FACEBOOK BUG BOUNTY PROGRAM
g. EC COUNCIL BUG BOUNTY PROGRAM, ETC.
• Experience & Knowledge
• Toolkit
• Study Material
Abrar Ahmad - Cyber Security Specialist, CEH