Bug Bounty Hunting Guide to an Advanced Earning Method (2022)

About Course

This Bug Bounty Hunting program includes all the methods to find any vulnerability in websites/ web applications and their exploitation and is designed to inform all the latest vulnerabilities on websites like CSRF attacks, Web Application attacks, Injection attacks, and many more. You will also learn the procedure in which you get paid or earn many other rewards by documenting and disclosing these bugs to the website’s security team. So, this course will give you a precise introduction to the bugs that you can report and earn money.

Course Content

Introduction to Bug Bounty

What is a Bug Bounty Program

00:00
Popular Bug Bounty Platforms

00:00
Bug Crowd

00:00
Hacker One

00:00
Benefits of Bug Bounty

00:00
Brief About Common Vulnerabilities

00:00
Hacking Terminologies

00:00

Information Gathering

Setting Up Labs

Introduction to Burp Suite

SQL Injection

Web Application Attacks

Cross Site Script (XSS)

Header Injection _ URL Redirectio

Client Side Attacks

Understanding Session, Cookie _ Session Fixation

00:00
Forced Browsing

00:00
Cross Site Request Forgery Introduction

00:00
CSRF Attack (DVWA)

00:00
Open Redirection

00:00
Personally Identifiable Information (PII)

00:00
9.7 Sensitive Information Disclosure

00:00
Live CSRF POC

00:00
Live Sensitive Information POC

00:00
Live Session Fixation POC

00:00

Brute Forcing

Security Misconfigurations_ Exploiting Web Apps

Insecure CORS

File Inclusion Vulnerability

Server-Side Request Forgery

Insecure Captcha

Automating VAPT _ Advanced Information Gathering

Documenting _ Reporting Vulnerability

Conclusion of Bug Bounty

About Course

What Will You Learn?

Course Content

Introduction to Bug Bounty

What is a Bug Bounty Program

Popular Bug Bounty Platforms

Bug Crowd

Hacker One

Benefits of Bug Bounty

Brief About Common Vulnerabilities

Hacking Terminologies

Information Gathering

What is Information Gathering

Concept of Digital Footprinting

What Information to Gather

What is Whois Information

Information Gathering About People _ Organisation

Gathering Information About Websites

Google Dorking _ GHDB

Setting Up Labs

DVWA Introduction _ Configuration

bWAPP Introduction _ Configuration

Introduction to Burp Suite

Introduction to Burp Suite

Steps to Configure

SQL Injection

Introduction to SQL

Writing Basic SQL Query

Different Types of Comments Used in SQL

SQLi Introduction _ Impact

Union Based SQLi

Boolean Based SQLi

Time based SQLi

Validation Bypass (Client and Server)

IDOR Vulnerability

Web Application Attacks

IDOR (BWAPP)

Rate Limiting Flaw

File Upload Vulnerability

File Upload on DVWA

Live IDOR POC

Live Rate Limiting Flaw POC

Cross Site Script (XSS)

What Is Cross Site Scripting(XSS)

Stored XSS

Stored XSS (DVWA)

Reflected XSS

Reflected XSS (DVWA)

DOM Based XSS

Blind XSS

Live XSS POC

Header Injection _ URL Redirectio

Host Header Injection Methods _ URL Redirection

Live Host Header Injection POC

Live URL Redirection POC

Client Side Attacks

Understanding Session, Cookie _ Session Fixation

Forced Browsing

Cross Site Request Forgery Introduction

CSRF Attack (DVWA)

Open Redirection

Personally Identifiable Information (PII)

9.7 Sensitive Information Disclosure

Live CSRF POC

Live Sensitive Information POC

Live Session Fixation POC

Brute Forcing

Brief About Brute Force

Brute Force DVWA

Live OTP Brute Force POC

Security Misconfigurations_ Exploiting Web Apps

Security Misconfigurations _ Improper Handling

Guessing Weak Passwords

Live SPF Record Missing POC

Insecure CORS

12.1 Concept About Insecure CORS (Voice Issue) Completed

File Inclusion Vulnerability

Remote File Inclusion

Local File Inclusion

File Inclusion (DVWA)