Share Description
In this course, you will :
- Explore the most prevalent web application problems and vulnerabilities.
- Discover bugs among the OWASP's top ten most prevalent security concerns.
- Override filters and security on all covered bugs and vulnerabilities.
- The training concludes with a 2-hour LIVE bug hunt / pentest on a real web application.
- My method to bug detection and online application penetration testing.
- The bug hunter/hacker attitude.
- Efficiency employs Burp Suite to detect bugs and vulnerabilities.
- Find sensitive and hidden information, including paths, files, endpoints, and subdomains.
- Gather information about websites & applications
- Essential topics to bounty hunting.
- HTTP methods & status codes.
- Cookies & cookie manipulation
- HTML basics for bug hunting.
- XML basics for bug hunting.
- Javascript basics for bug hunting.
- Read & analyse headers, requests and responses
- Discover information disclosure vulnerabilities.
- Discover broken access control vulnerabiltiies.
- Discover path / directory traversal vulnerabilities.
- Discover CSRF vulnerabilities.
- Discover IDOR vulnerabilities
- Discover OAUTH 2.0 vulnerabilities
- Discover Injection vulnerabilities.
- Discover Command Injection vulnerabilities
- Discover HTML Injection vulnerabilities
- Discover XSS vulnerabilities (Reflected, Stored & DOM).
- Advanced XSS discovery & bypass techniques
- Discover SQL Injection vulnerabilities.
- Discover Blind SQL Injection vulnerabilities.
- Discover Time-based blind SQL Injection vulnerabilities.
- Discover SSRF vulnerabilities.
- Discover blind SSRF vulnerabilities.
- Discover XXE vulnerabilities.
- The Burp Suite Proxy.
- The Burp Suite Repeater.
- The Burp Suite Filter
- The Burp Suite Intruder.
- The Burp Suite Collaborator.
Syllabus:
- Information Disclosure vulnerabilities
- Broken Access Control Vulnerabilities
- Path / Directory Traversal Vulnerabilities
- CSRF - Cross-Site Request Forgery
- OAUTH 2.0 Vulnerabilities
- Injection Vulnerabilities
- OS Command Injection
- XSS - Cross Site Scripting
- DOM XSS Vulnerabilities
- XSS - Bypassing Security
- Bypassing Content Security Policy (CSP)
- SQL Injection Vulnerabilities
- Blind SQL Injections
- Time-Based Blind SQL Injection
- SSRF (Server-Side Request Forgery)
- SSRF - Advanced Exploitation
- SSRF - Bypassing Security
- Blind SSRF Vulnerabilities
- XXE (XML External Entity) Injection
- 2 Hour Live Bug Hunting !
- Participating in Bug Bounty Programs
