% Off Udemy Coupon - CourseSpeak

Learn Bug Bounty Hunting & Web Security Testing From Scratch

Learn how to discover bugs / vulnerabilities like experts | OWASP top 10 + more | No prior knowledge required

$12.99 (93% OFF)

About This Course

Welcome to my comprehensive course on Bug Bounty Hunting & Web Security Testing. This course assumes you have NO prior knowledge; it starts with you from scratch and takes you step-by-step to an advanced level, able to discover a large number of bugs or vulnerabilities (including the OWASP top 10) in any web application regardless of the technologies used in it or the cloud servers that it runs on.

This course is highly practical but doesn't neglect the theory. We'll start with the basics to teach you how websites work, the technologies used and how these technologies work together to produce the nice and functional platforms that we use every day. Then we'll start hacking and bug hunting straight away. You'll learn everything by example, by discovering security bugs and vulnerabilities, no boring dry lectures.

The course is divided into a number of sections; each aims to teach you a common security bug or vulnerability from the OWASP top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the security bug or vulnerability and how to discover it in a number of scenarios, from simple to advanced. You'll also learn advanced techniques to bypass filters and security measures. As we do this I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals; there will be no useless or boring lectures!

At the end of the course I will take you through a two hour pentest or bug hunt to show you how to combine the knowledge that you acquired and employ it in a real-life scenario to discover bugs and vulnerabilities in a real website! I will show you how I approach a target, analyse it, and take it apart to discover bugs and vulnerabilities in features that most would think are secure!

As mentioned, you'll learn much more than just how to discover security bugs in this course, but here's a list of the main security bugs and vulnerabilities that will be covered in the course:

  • Information Disclosure.
  • IDOR (Insecure Direct Object Reference).
  • Broken Access Control.
  • Directory / Path Traversal.
  • Cookie Manipulation.
  • CSRF (Client-Side Request Forgery).
  • OAUTH 2.0.
  • Injection Vulnerabilities.
  • Command Injection.
  • Blind Command Injection.
  • HTML Injection.
  • XSS (Cross-Site Scripting).
  • Reflected, Stored & DOM Based XSS.
  • Bypassing Security Filters.
  • Bypassing CSP (Content Security Policy).
  • SQL Injection.
  • Blind SQLi.
  • Time-based Blind SQLi.
  • SSRF (Server-Side Request Forgery).
  • Blind SSRF.
  • XXE (XML External Entity) Injection.

Topics:

  • Information gathering.
  • End point discovery.
  • HTTP Headers.
  • HTTP status codes.
  • HTTP methods.
  • Input parameters.
  • Cookies.
  • HTML basics for bug hunting.
  • Javascript basics for bug hunting.
  • XML basics for bug hunting.
  • Filtering methods.
  • Bypassing blacklists & whitelists.
  • Bug hunting and research.
  • Hidden paths discovery.
  • Code analyses.

You'll use the following tools to achieve the above:

  • Ferox Buster.
  • WSL.
  • Dev tools.
  • Burp Suite:
      • Basics.
      • Burp Proxy.
      • Intruder (Simple & Cluster-bomb).
      • Repeater.
      • Collaborator.

With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.

Check out the curriculum and the course teaser for more info!

What you'll learn:

  • 95+ videos to teach you bug hunting & security testing from scratch.
  • 80+ hands-on real-life examples - from simple to advanced.
  • Discover the most common web application bugs and vulnerabilities.
  • Discover bugs from the OWASP top 10 most common security threats.
  • Bypass filters & security on all of the covered bugs & vulnerabilities.
  • 2 Hour LIVE bug hunt / pentest on a real web application at the end of the course.
  • My approach to bug hunting and web application penetration testing.
  • The bug hunter / hacker mentality.
  • Efficiently use Burp Suite to discover bugs and vulnerabilities.
  • Discover sensitive & hidden information, paths, files, endpoints and subdomains
  • Gather information about websites & applications
  • Essential topics to bounty hunting.
  • HTTP methods & status codes.
  • Cookies & cookie manipulation
  • HTML basics for bug hunting.
  • XML basics for bug hunting.
  • Javascript basics for bug hunting.
  • Read & analyse headers, requests and responses
  • Discover information disclosure vulnerabilities.
  • Discover broken access control vulnerabilities.
  • Discover path / directory traversal vulnerabilities.
  • Discover CSRF vulnerabilities.
  • Discover IDOR vulnerabilities
  • Discover OAUTH 2.0 vulnerabilities
  • Discover Injection vulnerabilities.
  • Discover Command Injection vulnerabilities
  • Discover HTML Injection vulnerabilities
  • Discover XSS vulnerabilities (Reflected, Stored & DOM).
  • Advanced XSS discovery & bypass techniques
  • Discover SQL Injection vulnerabilities.
  • Discover Blind SQL Injection vulnerabilities.
  • Discover Time-based blind SQL Injection vulnerabilities.
  • Discover SSRF vulnerabilities.
  • Discover blind SSRF vulnerabilities.
  • Discover XXE vulnerabilities.
  • The Burp Suite Proxy.
  • The Burp Suite Repeater.
  • The Burp Suite Filter
  • The Burp Suite Intruder.
  • The Burp Suite Collaborator.