Description

Welcome to this course on Pentesters Practical Approach for Bug Hunting and Bug Bounty.  To enjoy this course, you need a positive attitude and a desire to learn.

In this course, you will learn the practical side of penetration testers and bug hunters. We have seen that how some of the pen-testers are earning millions in a year through bug bounty platforms. Too many courses teach students tools and concepts that are never used in the real world.  In this course, we will focus only on tools, topics and practical live demonstration that will make you successful as a security researcher and bug hunter.  The course is incredibly hands on and will cover all essential topics.

This is a short-term beginner-friendly practical course that covers different types of offensive techniques and strategical approach to pentest the web application.

Takeaways: After this course you will be able to find various types of vulnerabilities which you often miss during your assessment.

Modules Introduced in this Course:

    Defining the target Scope
    Understanding Application Business Logic
    Threat Mapping
    Performing scope based recon
    Performing Manual Pentesting
    Performing Application Specific Attacks
    Introduction to Juice Shop
    Hitting hard Juice shop
    Application navigation to each feature
    SSL/TLS Enumeration Attacks
    Banner Exploits
    Version Enumeration
    Sensitive data fetching using FTP Exploration
    Leaked Information lookup in Page Source
    Authentication Authorization Flaws
    XSS Exploits
    Injection Attacks
    Client Side Validation Bypass Attacks
    Parameter Pollution Attack
    Force Data Pushing Attack
    Session Based Flaws
    Hunt For Injection and IDOR
    Privilege Escalation Hunt
    Exploit File Upload Feature
    Role Level Checks Bypass
    Business Logic Bypass Exploit
    Broken Access Control
    Payment Gateway Bypass attacks
    Missing Server Side Validation Exploit

Note: This course has been created for educational purposes only. All attacks shown were done so with given permission. Please do not attack a host unless you have permission to do so.
Who this course is for:

    Students who all are looking to join the journey of Corporates as a Pentester
    Security Researchers who wanted to earn more in Bug Bounty

Requirements

    Basics of web application security
    OWASP Top 10 Attacks
    BurpSuite

Last Updated 4/2021