Bug Bounty Hunting

Overview

  • This course “Practical Bug Bounty Hunting for Hackers and Pentesters, will guide you from finding targets, over developing exploits to writing comprehensive reports and ensure your success in the Bug Bounty industry. 
  • By the end of this course, with hands-on examples and real-world tricks, you will soon be able to find your first bug.

Course Module

Duration: 40 Hours

  1. About Cyber Security Industry
    • What is Bug Bounty
    • What is Penetration Testing
    • What is Red Teaming
    • What is SOC
    • Needs to be a Professional Bug Hunter
  2. Setting up Hacking Machine
    • Introduction to Linux Environment
  3. Introduction to Networking
  4. Web Application Fundamentals & Configurations
    • HTTP and HTTPS Protocol
    • HTTP Requests & HTTP Response
    • URL & URI
    • HTTP Methods
    • HTTP Response Status Codes
    • SOP & CORS
  5. Introduction to Web Application Security Testing
    • Types of Web Application Security Testing
    • Approach for Web App Penetration Testing
  6. Web Application Reconnaissance
  7. Working with Burp suite
  8. Exploiting Traditional Web Application Vulnerabilities
    • Sub Domain Take Over o Click Jacking
    • Checking Necessary Security Headers
    • Checking SPF & DMARC Record
    • CORS (Cross-Origin Resource Sharing)
    • Testing Rate Limit
  9. Introduction to Session Managements
    • What is Session Management
    • Testing Weak Session Logout Policy
    • Testing For Session Timeout
    • Session Fixation Vulnerability
  10. Introduction to XSS (Cross-Site Scripting)
    • Exploiting Reflected XSS
    • Exploiting Stored XSS
    • Exploiting DOM XSS
  11. Introduction to SQL injection
    • Logic behind SQL injection
    • Authentication Bypass using SQL injection
    • Error Balancing in SQLi
    • Information Disclosure (Exploiting Database) through SQL injection
    • Automate SQL injection Process
  12. Introduction to File Inclusion Vulnerability
    • Exploiting LFI
    • Exploiting RFI
  13. CSRF (Cross-Site Request Forgery Attack)
  14. SSRF (Server-Side Request Forgery Attack)
    • Exploiting Blind SSRF
  15. IDOR (Insecure Direct Object Reference)
  16. OS Command injection
  17. Response Manipulation
  18. Host Header Injection
  19. Parameter Tampering
  20. XXE (XML External Entity)
  21. RCE (Remote Code Execution)
  22. Introduction to Bug Bounty Platforms
    • Hackerone
    • Bug Crowd
    • Open Bug Bounty Programs

 

Course Schedule

Scheduled DateLocationAvailableRegister
15/06/2023 - 30/06/2023BengaluruVILT & ILTRegister

Course Details

Duration: 20 Hours

Schedule

Location: Bengaluru
Available: VILT /ILT

Contact Us

Course Enquiry

Please submit the form, we'll be with you shortly.

Bootcamp Enquiry

Please submit the form, we'll be with you shortly.