
Bug Bounty Hunting - Complete Guide To An Innovative Earning Process

This document outlines the table of contents for a Bug Bounty Hunting course. The course covers various topics related to finding vulnerabilities such as information gathering, SQL injection, cross-site scripting, brute forcing, file inclusion, and documenting and reporting vulnerabilities. It includes 18 sections that provide introductions and demonstrations of techniques like bug bounty platforms, setting up labs, using Burp Suite, different types of SQL injection, web application attacks, header injection, client-side attacks, security misconfigurations, and automated vulnerability assessment. The goal is to teach students the skills needed to successfully participate in bug bounty programs.

Uploaded by Harsh Parasiya
Copyright: © All Rights Reserved

Bug Bounty Hunting Course

TABLE OF CONTENT

1 Introduction to Bug Bounty

What is a Bug Bounty Program?
Popular Bug Bounty Platforms
Bugcrowd (Demo)
HackerOne (Demo)
Benefits of Bug Bounty
Brief About Common Vulnerabilities
Hacking Terminologies

2 Information Gathering Basics

What is Information Gathering?
Concept of Digital Footprinting
What Information to gather?
What is Whois Information?
Information gathering about People & Organization
Gathering Information about Websites
Google Dorking & GHDB

3 Setting Up Labs

DVWA Introduction & Configuration
bWAPP Introduction & Configuration

4 Introduction to Burp Suite

Introduction to Burp Suite
Steps to Configure (Demo)

5 SQL Injection

Introduction to SQL
Writing Basic SQL Query
Different types of comments used in SQL
SQLi Introduction & Impact
Union Based SQLi (Demo)
Boolean Based SQLi
Time Based SQLi

6 Web Application Attacks

Validation Bypass (Client and Server)
IDOR Vulnerability
IDOR on bWAPP
Rate Limiting Flaw
File Upload Vulnerability
File Upload on DVWA
Live IDOR POC
Live Rate Limiting Flaw POC

7 Cross Site Scripting

What Is Cross Site Scripting (XSS)?
Stored XSS
Stored XSS (DVWA)
Reflected XSS
Reflected XSS (DVWA)
DOM based XSS
Blind XSS
Live XSS POC

8 Header Injection & URL Redirection

Host Header Injection methods & URL redirection
Live Host Header Injection POC
Live URL Redirection POC

9 Client Side Attack

Understanding Session, Cookies & Session Fixation
Forced Browsing
Cross Site Request Forgery Introduction
CSRF Attack (DVWA)
Open Redirections
Personally Identifiable Information (PII) Leakage
Sensitive Information Disclosure
Live CSRF POC
Live Sensitive Information POC
Live Session Fixation POC

10 Brute Forcing

Brief about Brute Force
Brute Force (DVWA)
Live OTP Brute Force POC

11 Security Misconfigurations & Exploiting Web Apps

Security Misconfigurations & Improper File Handling
Guessing Weak Passwords
Live SPF Record Missing POC

12 Insecure CORS

Concept about CORS

13 File Inclusion

Local File Inclusion
Remote File Inclusion
File Inclusion (DVWA)
Live LFI POC

14 Server-Side Request Forgery

What is SSRF?

15 Insecure Captcha

Brief about Insecure Captcha
Live Captcha Bypass POC

16 Automating VAPT & Advanced Information Gathering

Introduction to Automated VAPT & Advanced Level Information Gathering

17 Documenting & Reporting Vulnerability

Introduction to VAPT Reporting

18 Conclusion

Conclusion of Bug Bounty
