Learn Bug Bounty Hunting & Web Security Testing From Scratch

سرفصل های دوره

Learn how to discover bugs / vulnerabilities like experts | OWASP top 10 + more | No prior knowledge required

1. Introduction

1. Introduction

2. What is a Website

2. Information Disclosure vulnerabilities

1.1 Information Disclosure slides.pdf

1. Introduction to Information Disclosure Vulnerabilities

2.1 Target website link.html

2. Discovering Database Login Credentials

3.1 Target website link.html

3.2 Wordlist Repository.html

3. Discovering Endpoints & Sensitive Data

4.1 Target website link.html

4. Introduction to HTTP Status Codes

5. Employing the Hacker Bug Hunter Mentality to Discover Admin Login Information

6.1 Target website link.html

6. Manipulating Application Behaviour Through the HTTP GET Method

7. Manipulating Application Behaviour Through the HTTP POST Method

8. Intercepting Requests With Brup Proxy

3. Broken Access Control Vulnerabilities

1.1 Broken Access Control slides.pdf

1. Introduction to Broken Access Control Vulnerabilities

2.1 Target website link.html

2. Cookie Manipulation

3.1 Target website link.html

3. Accessing Private User Data

4.1 Target website link.html

4. Discovering IDOR Vulnerabilities (Insecure Direct Object Reference)

5.1 Target website link.html

5. Privilege Escalation with Burp Repeater

6.1 Target website link.html

6. Debugging Flows with HTTP TRACE & Gaining Admin Access!

4. Path Directory Traversal

1.1 Path Traversal slides.pdf

1.2 Target website link.html

1. Introduction to Path Traversal Vulnerabilities & Basic Discovery

2.1 Target website link.html

2. Bypassing Absolute Path Restriction

3.1 Target website link.html

3. Bypassing Hard-coded Extensions

4.1 Target website link.html

4. Bypassing Filtering

5.1 Target website link.html

5. Bypassing Hard-coded Paths

6.1 Target website link.html

6. Bypassing Advanced Filtering

7.1 directory-traversal-cheatsheet.zip

7.2 Target website link.html

7. Bypassing Extreme Filtering

5. CSRF - Client-Side Request Forgery

1.1 CSRF slides.pdf

1.2 Target website link.html

1. Discovering & Exploiting CSRF Vulnerabilities

6. OAUTH 2.0 Vulnerabilities

1.1 OAUTH 2.0 slides.pdf

1. Introduction to OAUTH 2.0

2.1 Target website link.html

2. OAUTH 2.0 Basic Exploitation

3.1 Target website link.html

3. Exploiting a Linking OAUTH 2.0 Flow Through CSRF

4.1 Target website link.html

4. Exploiting a Login OAUTH 2.0 Flow Through CSRF

7. Injection Vulnerabilities

1. Introduction to Injection Vulnerabilities

8. OS Command Injection

1.1 Command Injection slides.pdf

1.2 Target website link.html

1. Discovering a Basic Command Injection Vulnerability

2.1 Target website link.html

2. Discovering Blind Command Injection Vulnerabilities

3.1 Target website link.html

3. Discovering Asynchronous Blind Command Injection Vulnerabilities

4. Using Burp Collaborator to Exploit Asynchronous Blind Command Injection

9. XSS - Cross Site Scripting

1.1 XSS slides.pdf

1. Introduction to XSS Vulnerabilities & Its Types

2.1 Target website link.html

2. Discovering a HTML Injection Vulnerability

3. Discovering Reflected & Stored XSS Vulnerabilities

10. DOM XSS Vulnerabilities

1. Introduction to DOM XSS Vulnerabilities

2.1 Target website link.html

2. Discovering a Reflected DOM XSS in a Link

3.1 Target website link.html

3. Discovering a Reflected XSS in an Image Tag!

4.1 Target website link.html

4. Injecting Javascript Directly in a Page Script

5.1 Target website link.html

5. Discovering XSS in a Drop-down Menu

6.1 Target website link.html

6. Discovering XSS in AngularJS Application

11. XSS - Bypassing Security

1.1 Target website link.html

1. Bypassing Basic Filtering

2.1 Target website link.html

2. Bypassing Single-Quotes Filtering

3.1 Target website link.html

3. Bypassing Advanced Filtering

4.1 Target website link.html

4. Bypassing Server-Side Filtering

5.1 Target website link.html

5.2 XSS Cheatsheet.html

5. Bypassing Extreme Filtering with Burp Intruder

12. Bypassing Content Security Policy (CSP)

1.1 Target website link.html

1. Analysing the Target Application

2. Discovering an XSS in a CSP Enabled Application

13. SQL Injection Vulnerabilities

1.1 SQLi slides.pdf

1. Introduction to SQL Injection Vulnerabilities

2.1 Target website link.html

2. Discovering SQL Injections

3.1 Target website link.html

3. Bypassing Admin Login Using Logical Operators

4.1 Target website link.html

4. Selecting Data From the Database

5.1 Target website link.html

5. Accessing The Database Admin Records

14. Blind SQL Injections

1.1 Target website link.html

1. Discovering Blind SQL Injections

2.1 Target website link.html

2. Enumerating Table & Column Names

3.1 Target website link.html

3. Recovering Administrator Password With Burp Intruder

4.1 Target website link.html

4. Using the Cluster-Bomb Attack to Recover Passwords

15. Time-Based Blind SQL Injection

1.1 Target website link.html

1. Discovering Time-Based Blind SQLi

2.1 Target website link.html

2. Extracting Data From the Database Using a Time-Based Blind SQLi

3.1 Target website link.html

3. Getting The Admin Password Using a Time-Based Blind SQLi

16. SSRF (Server-Side Request Forgery)

1.1 SSRF slides.pdf

1. Introduction to SSRF Vulnerabilities

2. Theory Behind SSRF Vulnerabilities & Their Impact

3.1 Target website link.html

3. Discovering a Basic SSRF Vulnerability

4.1 Target website link.html

4. Accessing Private (Admin) Resources Using an SSRF Vulnerability

17. SSRF - Advanced Exploitation

1.1 Target website link.html

1. Advanced SSRF Discovery

2.1 Target website link.html

2. Scanning & Mapping Internal Network & Services

18. SSRF - Bypassing Security

1.1 Target website link.html

1. Bypassing Blacklists

2.1 Target website link.html

2. Bypassing Whitelists

3.1 Target website link.html

3. Chaining Open Redirection with SSRF to Bypass Restrictive Filters

19. Blind SSRF Vulnerabilities

1. Introduction to Blind SSRF Vulnerabilities

2.1 Target website link.html

2. Discovering Blind SSRF Vulnerabilities

3.1 Target website link.html

3. Exploiting Blind SSRF Vulnerabilities

4.1 Target website link.html

4. Escalating Blind SSRF to a Remote Code Execution (RCE)

20. XXE (XML External Entity) Injection

1.1 XXE slides.pdf

1. Introduction to XXE Injection Vulnerabilities

2. What is XML

3.1 Target website..html

3.2 XXE Cheatsheet.html

3. Exploiting a Basic XXE Injection

4.1 Target website link.html

4. Discovering an SSRF Through a Blind XXE

21. 2 Hour Live Bug Hunting !

1.1 Live bug hunting slides.pdf

1. Introduction

2.1 Target website link.html

2. Overview of the Target

3. Discovering an Open Redirect Vulnerability

4. Discovering a an XSS in the Response

5. Discovering an XSS in a HTML Comment

6. Discovering an XSS in a Date Picker

7. Broken Access Control in Booking Page

8. Analysing Application Files & Finding Sensitive Data

9. Discovering Endpoints Hidden In Code

10. Discovering an IDOR - Insecure Direct Object Reference

11. Discovering Hidden Endpoints Using Regex

12. Discovering a Complex Stored XSS

13. Discovering Bugs in Hidden Elements

14. Discovering Bugs in Hidden Parameters

22. Participating in Bug Bounty Programs

1. Hacker1 Overview

2. Bug-Bounty Overview

3. Submitting a Bug Report

23. Bonus Section

1. Bonus Lecture - Want to learn more.html

53,700 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy-Training