Advanced Offensive Bug Bounty Hunting

COURSE DETAILS

WHO IS THIS COURSE FOR?

This course is for ethical hackers or security researchers who are paid for reporting vulnerabilities to secure an organization's data and security.

COURSE SYLLABUS

Bug bounty programs are for those who have completed ethical hacking and penetration testing courses and want to get paid for the skills they acquired. The course covers the following topics.

  • Introduction to Bug Bounty
  • Bug Bounty - Roadmap
  • Information Gathering Basics
  • Introduction to Burp Suite
  • Lab Setup for Mobile Application
  • Lab Setup for Web Application
  • HTTP Host header attacks
  • Business logic vulnerabilities
  • Web cache poisoning
  • Information disclosure vulnerabilities
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • Cross-site request forgery (CSRF)
  • XML External Entities (XXE)
  • Clickjacking (UI redressing)
  • Cross-origin resource sharing (CORS)
  • Server-side request forgery (SSRF)
  • HTTP request smuggling
  • OS command injection
  • Broken Access Control
  • Security Misconfiguration
  • Cross-site scripting (XSS)
  • Insecure Deserialization
  • Access control vulnerabilities and privilege escalation
  • Directory traversal
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring
  • Documenting & Reporting Vulnerability
  • Advanced Tips & Tricks