The Ultimate Web Application Bug Bounty Hunting Course
Author: softwarekeygencrack on 2-05-2023, 09:52, Views: 98
Published 4/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 6.46 GB | Duration: 12h 22m
Bug Bounty Hunting from Zero to Hero. Become a successful Web Application Bug Bounty Hunter
Free Download What you'll learn
web application vulnerabilities
web application penetration testing
Become a web app bug bounty hunter
100+ ethical hacking & security videos
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Open Redirect
Bypassing Access Control
Server-side request forgery (SSRF)
SQL injection
OS command injection
Insecure Direct Object References (IDOR)
XML external entity (XXE) injection
API Testing
File upload vulnerabilities
Java Script analysis
Cross-origin resource sharing (CORS)
Business logic vulnerabilities
Registration flaws
Login flaws
Password reset flaws
Updating account flaws
Developer tools flaws
Analysis of core application
Payment feature flaws
Premium feature flaws
Directory Traversal
Bug Hunting Methodology
Requirements
Basic IT Skills
Basic understanding of web technology
No Linux, programming or hacking knowledge required
Computer with a minimum of 4GB ram/memory
Operating System: Windows / Apple Mac OS / Linux
Reliable internet connection
Burp Suite Community (Pro optional)
Firefox Web Browser
Description
Welcome to the ultimate Web Application Bug Bounty Hunting course.Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certification incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.In this course Martin walks students through a step-by-step methodology on how to uncover web vulnerabilities. The theoretical lecture is complimented with the relevant free practical Burp labs to reinforce the knowledge. Martin is not just inserting the payload but explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to become a professional Web Application Bug Bounty Hunter.Course outline:1. Cross-site scripting (XSS) – Theory and Labs2. Cross-site request forgery (CSRF) – Theory and Labs3. Open Redirect – Theory and Labs4. Bypassing Access Control – Theory and Labs5. Server-side request forgery (SSRF) – Theory and Labs6. SQL injection – Theory and Labs7. OS command injection – Theory and Labs8. Insecure Direct Object References (IDOR) – Theory and Labs9. XML external entity (XXE) injection – Theory and Labs10. API Testing – Theory and Labs11. File upload vulnerabilities – Theory and Labs12. Java Script analysis – Theory and Labs13. Cross-origin resource sharing (CORS) – Theory and Labs14. Business logic vulnerabilities – Theory and Labs15. Registration flaws16. Login flaws17. Password reset flaws18. Updating account flaws19. Developer tool flaws20. Analysis of core application21. Payment feature flaws22. Premium feature flaws23. Directory Traversal – Theory and Labs24. Methodology to find most bugsNotes & DisclaimerPortswigger labs are a public and a free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will to respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Cross-site scripting (XSS)
Lecture 2 XSS Methodology
Lecture 3 XSS Links and Slides
Lecture 4 Reflected XSS into HTML context with nothing encoded
Lecture 5 Stored XSS into HTML context with nothing encoded
Lecture 6 DOM XSS in document.write sink using source location.search
Lecture 7 DOM XSS in innerHTML sink using source location.search
Lecture 8 DOM XSS in jQuery anchor href attribute sink using location.search source
Lecture 9 DOM XSS in jQuery selector sink using a hashchange event
Lecture 10 Reflected XSS into attribute with angle brackets HTML-encoded
Lecture 11 Stored XSS into anchor href attribute with double quotes HTML-encoded
Lecture 12 Reflected XSS into a javascript string with angle brackets HTML encoded
Lecture 13 DOM XSS in document.write sink using source location.search inside a select elem
Lecture 14 DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encod
Lecture 15 Reflected DOM XSS
Lecture 16 Stored DOM XSS
Lecture 17 Exploiting cross-site scripting to steal cookies
Lecture 18 Exploiting cross-site scripting to capture passwords
Lecture 19 Exploiting XSS to perform CSRF
Lecture 20 Reflected XSS into HTML context with most tags and attributes blocked
Lecture 21 Reflected XSS into HTML context with all tags blocked except custom ones
Lecture 22 Reflected XSS with some SVG markup allowed
Lecture 23 Reflected XSS in canonical link tag
Lecture 24 Reflected XSS into a javascript string with single quote and backslash escaped
Lecture 25 Reflected XSS into a javascript string with angle brackets and double quotes HTM
Lecture 26 Stored XSS into onclick event with angle brackets and double quotes HTML-encoded
Lecture 27 Reflected XSS into a template literal with angle brackets, single, double quotes
Section 3: Cross-site request forgery (CSRF)
Lecture 28 CSRF Methodology
Lecture 29 CSRF Links and Slides
Lecture 30 CSRF vulnerability with no defenses
Lecture 31 CSRF where token validation depends on request method
Lecture 32 CSRF where token validation depends on token being present
Lecture 33 CSRF where token is not tied to user session
Lecture 34 CSRF where token is tied to non-session cookie
Lecture 35 CSRF where token is duplicated in cookie
Lecture 36 SameSite Lax bypass via method override
Lecture 37 SameSite Strict bypass via client-side redirect
Lecture 38 SameSite Strict bypass via sibling domain
Lecture 39 SameSite Lax bypass via cookie refresh
Lecture 40 CSRF where Referer validation depends on header being present
Lecture 41 CSRF with broken Referer validation
Section 4: Open Redirect
Lecture 42 Open Redirect Methodology
Lecture 43 Open Redirect Links and Slides
Lecture 44 Open Redirect Lab 1
Lecture 45 Open Redirect Lab 2
Lecture 46 Open Redirect Lab 3
Lecture 47 Open Redirect Lab 4
Section 5: Bypassing Access Control
Lecture 48 Bypassing Access Control Methodology
Lecture 49 Bypassing Access Control Links and Slides
Lecture 50 Unprotected admin functionality
Lecture 51 Unprotected admin functionality with unpredictable URL
Lecture 52 User role controlled by request parameter
Lecture 53 User role can be modified in user profile
Lecture 54 User ID controlled by request parameter
Lecture 55 User ID controlled by request parameter, with unpredictable user IDs
Lecture 56 User ID controlled by request parameter with data leakage in redirect
Lecture 57 User ID controlled by request parameter with password disclosure
Lecture 58 URL-based access control can be circumvented
Lecture 59 Method-based access control can be circumvented
Lecture 60 Multi-step process with no access control on one step
Lecture 61 Referer-based access control
Section 6: Server-side request forgery (SSRF)
Lecture 62 Server-side request forgery (SSRF) Methodology
Lecture 63 Server-side request forgery (SSRF) Links and Slides
Lecture 64 Basic SSRF against the local server
Lecture 65 Basic SSRF against another back-end system
Lecture 66 SSRF with blacklist-based input filter
Lecture 67 SSRF with filter bypass via open redirection vulnerability
Lecture 68 Blind SSRF with out-of-band detection
Section 7: SQL injection
Lecture 69 SQL injection Methodology
Lecture 70 SQL injection Links and Slides
Lecture 71 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lecture 72 SQL injection vulnerability allowing login bypass
Lecture 73 SQL injection UNION attack, determining the number of columns returned
Lecture 74 SQL injection UNION attack, finding a column containing text
Lecture 75 SQL injection UNION attack, retrieving data from other tables
Lecture 76 SQL injection UNION attack, retrieving multiple values in a single column
Lecture 77 SQL injection attack, querying the database type and version on Oracle
Lecture 78 SQL injection attack, querying the database type and version on MySQL and MS
Lecture 79 SQL injection attack, listing the database contents on non-Oracle databases
Lecture 80 SQL injection attack, listing the database contents on Oracle
Lecture 81 Blind SQL injection with conditional responses
Lecture 82 Blind SQL injection with conditional errors
Lecture 83 Blind SQL injection with time delays
Lecture 84 Blind SQL injection with time delays and information retrieval
Lecture 85 Blind SQL injection with out-of-band interaction
Lecture 86 Blind SQL injection with out-of-band data exfiltration
Lecture 87 SQL injection with filter bypass via XML encoding
Section 8: OS command injection
Lecture 88 OS command injection Methodology
Lecture 89 OS command injection Links and Slides
Lecture 90 OS command injection, simple case
Lecture 91 Blind OS command injection with time delays
Lecture 92 Blind OS command injection with output redirection
Lecture 93 Blind OS command injection with out-of-band interaction
Lecture 94 Blind OS command injection with out-of-band data exfiltration
Section 9: Insecure Direct Object References (IDOR)
Lecture 95 Insecure Direct Object References (IDOR) Methodology
Lecture 96 Insecure Direct Object References (IDOR) Links and Slides
Lecture 97 IDOR Lab 1
Lecture 98 IDOR Lab 2
Lecture 99 IDOR Lab 3
Lecture 100 IDOR Lab 4
Section 10: XML external entity (XXE) injection
Lecture 101 XML external entity (XXE) injection Methodology
Lecture 102 XML external entity (XXE) injection Links and Slides
Lecture 103 Exploiting XXE using external entities to retrieve files
Lecture 104 Exploiting XXE to perform SSRF attacks
Lecture 105 Blind XXE with out-of-band interaction
Lecture 106 Blind XXE with out-of-band interaction via XML parameter entities
Lecture 107 Exploiting blind XXE to exfiltrate data using a malicious external DTD
Lecture 108 Exploiting blind XXE to retrieve data via error messages
Lecture 109 Exploiting XInclude to retrieve files
Lecture 110 Exploiting XXE via image file upload
Section 11: API Testing
Lecture 111 API Methodology
Lecture 112 API Links and Slides
Section 12: File upload vulnerabilities
Lecture 113 File upload vulnerabilities Methodology
Lecture 114 File upload vulnerabilities Links and Slides
Lecture 115 Remote code execution via web shell upload
Lecture 116 Web shell upload via Content-Type restriction bypass
Lecture 117 Web shell upload via path traversal
Lecture 118 Web shell upload via extension blacklist bypass
Lecture 119 Web shell upload via obfuscated file extension
Lecture 120 Remote code execution via polyglot web shell upload
Section 13: Java Script analysis
Lecture 121 Java Script analysis Methodology
Lecture 122 Java Script analysis Links and Slides
Lecture 123 Java Script Lab 1
Lecture 124 Java Script Lab 2
Lecture 125 Java Script Lab 3
Lecture 126 Java Script Lab 4
Section 14: Cross-origin resource sharing (CORS)
Lecture 127 Cross-origin resource sharing (CORS) Methodology
Lecture 128 Cross-origin resource sharing (CORS) Links and Slides
Lecture 129 CORS vulnerability with basic origin reflection
Lecture 130 CORS vulnerability with trusted null origin
Lecture 131 CORS vulnerability with trusted insecure protocols
Section 15: Business logic vulnerabilities
Lecture 132 Business logic vulnerabilities Methodology
Lecture 133 Business logic vulnerabilities Links and Slides
Lecture 134 Excessive trust in client-side controls
Lecture 135 High-level logic vulnerability
Lecture 136 Inconsistent security controls
Lecture 137 Flawed enforcement of business rules
Lecture 138 Low-level logic flaw
Lecture 139 Inconsistent handling of exceptional input
Lecture 140 Weak isolation on dual-use endpoint
Lecture 141 Insufficient workflow validation
Lecture 142 Authentication bypass via flawed state machine
Lecture 143 Infinite money logic flaw
Lecture 144 Authentication bypass via encryption oracle
Section 16: Registration flaws
Lecture 145 Registration flaws Methodology
Lecture 146 Registration flaws Slides
Section 17: Login flaws
Lecture 147 Login flaws Methodology
Lecture 148 Login flaws Slides
Section 18: Password reset flaws
Lecture 149 Password reset flaws Methodology
Lecture 150 Password reset flaws Slides
Lecture 151 Password reset broken logic
Lecture 152 Password reset poisoning via middleware
Lecture 153 Basic password reset poisoning
Section 19: Updating account flaws
Lecture 154 Updating account Methodology
Lecture 155 Updating account flaws Slides
Section 20: Developer tools flaws
Lecture 156 Developer tools Methodology
Lecture 157 Developer tools flaws Slides
Section 21: Analysis of the core application
Lecture 158 Analysis of the core application Methodology
Lecture 159 Analysis of the core application Slides
Section 22: Payment feature flaws
Lecture 160 Payment feature Methodology
Lecture 161 Payment feature flaws Slides
Section 23: Premium feature flaws
Lecture 162 Premium feature Methodology
Lecture 163 Premium feature flaws Slides
Section 24: Directory Traversal
Lecture 164 Directory Traversal Methodology
Lecture 165 Directory Traversal flaws Links and Slides
Lecture 166 File path traversal, simple case
Lecture 167 File path traversal, traversal sequences blocked with absolute path bypass
Lecture 168 File path traversal, traversal sequences stripped non-recursively
Lecture 169 File path traversal, traversal sequences stripped with superfluous URL-decode
Lecture 170 File path traversal, validation of start of path
Lecture 171 File path traversal, validation of file extension with null byte bypass
Section 25: Methodology to find most bugs
Lecture 172 Bug Finding Methodology
Lecture 173 Bug Finding Slides
Anybody interested in ethical web application hacking / web application penetration testing,Anybody interested in becoming a web application bug bounty hunter,Anybody interested in learning how hackers hack web applications,Developers looking to expand on their knowledge of vulnerabilities that may impact them,Anyone interested in application security,Anyone interested in Red teaming,Anyone interested in offensive security
Homepage
https://www.udemy.com/course/the-ultimate-web-application-bug-bounty-hunting-course/
Buy Premium From My Links To Get Resumable Support,Max Speed & Support Me
Links are Interchangeable - Single Extraction
Comments
