Course Description

“Bugs” are errors or flaws in computer software, web applications and websites and responsible for making a particular software perform erratically. A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Many companies offer bug bounty programs and rewards security researchers to report potential software vulnerabilities.

Welcome to bug bounty hunter course. A course that teaches you practically, about web application security, protecting your websites from attacks and reporting bugs for reward money, if you found one.

In this course participants will learn the approaches to Hunt Bugs in a website, its exploitation process and understand the process of bug submission in ethical way. Participants will cover and perform OWASP top vulnerabilities like SQL injection, Cross site scripting, session management flaws and various others. Also we will give you enough challenges to practice along.

Who Should Attend

This training course is intended for Security Professionals, Ethical Hackers, Penetration Testers or any professionals who is interested in Web application security, Bug bounty and want to secure their web apps.

Course Duration

  • 24 Hours (3 Days * 8 Hours).

Course Content / Outline

  • Introduction to Bug Bounty and Bug Crowd
  • Cross site scripting (Reflected / Persistent / DOM ) Self XSS to Reflected, Remote File XSS attack, XSS attack through File
  • Command Injection /Execution
  • Server Side Request Forgery
  • HTML Injection
  • File Inclusion (LFI /RFI)
  • Directory Traversal
  • Insecure CORS Configuration
  • Source code disclosure
  • Missing/insufficient SPF record
  • Script Source Code Disclosure
  • HTTP Parameter Pollution attack
  • Hostile subdomain takeover
  • CRLF injection
  • Host Header Attack
  • Parameter Tampering
  • URL Redirection /Open Redirection
  • Cross site request forgery attack
  • SQL Injection - (Advance SQL Injection )
  • File uploading
  • WAF Bypassing
  • Critical File Found
  • XML External Entity Injection
  • client side template injection
  • LDAP Injection
  • Documenting & Reporting Vulnerability