Bug Bounty
www.ignitetechnologies.in
ABOUT
Well-Known Entity for Offensive Security
ABOUT US
With an outreach to over a million students
and over a thousand colleges, Ignite Technologies has stood out
as a trusted brand in cyber security training and services.
WHO CAN
• College Students
• IS/IT specialist, analyst, or manager
• IS/IT auditor or consultant
• IT operations manager
• Network security officers and Practitioners
• Site administrators
• Technical support engineer
• Senior systems engineer
• Systems analyst or administrator
• IT security specialist, analyst, manager, Architect, or administrator
• IT security officer, auditor, or engineer
• Network specialist, analyst, manager, Architect, consultant, or administrator
WHY
• Level up each candidate by providing the fundamental knowledge required to begin the Sessions.
• Hands-on Experience for all Practical Sessions.
• Get Course PDF and famous website links for content and Tools
• Customized and flexible training schedule.
• Get recorded videos after the session for each participant.
• Get post-training assistance and backup sessions.
• Common Platform for Group discussion along with the trainer.
• Work-in Professional Trainer to provide realtime exposure.
• Get a training certificate of participation.
WEB PENTEST
The Web Pentest program, also known as the Bug Bounty program, is a
crowdsourcing initiative hosted by organizations to give security researchers and
white hat hackers from across the globe a platform to showcase their skills and discover security holes
in the organization's infrastructure. Depending upon the severity level of the bug report and the details
presented within the Proof of Concept (POC), they are rewarded with either remuneration or
recognition as a token of appreciation.
While a large majority of bug bounty programs are public, some are private events
and are strictly invite-based. Such programs have stringent terms and conditions that the
invitees must always abide by.
During this course, you will acquire knowledge of the fundamentals of application security
vulnerabilities and penetration testing.
PREREQUISITES
To begin the Bug Bounty Training, you should be aware of the basic concepts of
web application development, both frontend and backend.
Pros:
• Less Expensive than Type 2 & Type 3.
• Get a chance to build connections across the world.
Type 2
A PERSONALIZED SESSION will be a one-on-one session.
Type 2
A CUSTOMIZED PERSONALIZED session will be a one-on-one session that can be
Pros:
OUR FOCUS
curriculum cohesive.
practices.
Introduction
• Introduction to Web Servers & Web Applications
• The Bug Bounty Program
• Web Application Penetration Testing & its Methodologies
• Introduction to HTTP Protocol
• OWASP & its Top 10
• Introduction to Burp Suite
Cryptography
• Check SSL Version, Algorithms, Key Length
• Check For Digital Certificate Validity (Duration, Signature And CN)
• Check Credentials Only Delivered Over HTTPS
• Check That The Login Form Is Delivered Over HTTPS
• Check Session Tokens Only Delivered Over HTTPS
• Check If HTTP Strict Transport Security (HSTS) Is In Use
Authentication
• What is Authentication?
• HTTP Authentication Exploitation
• Introduction to Broken Authentication
• Broken Authentication Exploitation.
• Test For User Enumeration
• Test For Brute force Protection
• Test For Default Logins
• Test Password Reset and/or Recovery
• Test Password Change Process
• Test CAPTCHA
• Test Password Quality Rules
• Test For Autocomplete on Password Forms/Input
• Mitigation Steps
Session Management
• What are Sessions and Cookies?
• Introduction to Session Management
• Check session tokens for cookie flags
• Check session cookie duration
• Test session cookies for randomness
• Insecure Session Exploitation
• Mitigation Steps
Local File Inclusion
• Introduction to Local File Inclusion
• Basic LFI Technique
• Null byte Technique
• Base64 Technique
• Fuzzing Technique
• LFI Suite
• LFI over File Upload
• LFI Log Poisoning
• Mitigation Steps
Path Traversal
• Linux Server Path Traversal Exploitation
• Basic Path Traversal
• Blocked Traversal Sequence
• Validated Path Traversal
• Path Disclosure in URL
• Null Byte Bypass
• Windows Server Path Traversal Exploitation
• Basic Path Traversal
• Double dots with Forward-Backward Slashes
• Blocked Traversal Sequences
SQL Injection
• What are Databases?
• Introduction to SQL Injection
• SQL Injection Error Based
• SQL Injection via SQLmap
• Manual SQL Exploitation
• Boolean Based Exploitation
• SQL Injection Form Based Exploitation
• Authentication Bypass
• Remote Code Execution with SQLmap
• Mitigation Steps
XXE Injection
• Introduction to XML
• Introduction to XXE Injection
• XXE for SSRF
• XXE Billion Laughs Attack
• XXE Exploitation
• Blind XXE
• Mitigation Steps
Bonus Section
• Automated Vulnerability Scanner
• Firefox Add-ons
• Encoding Methods
• Reporting
CONTACT US
Phone No.
+91 9599 387 41 | +91 1145 1031 30
WhatsApp
https://wa.me/message/HIOPPNENLOX6F1
EMAIL ADDRESS
[email protected]
WEBSITE
www.ignitetechnologies.in
BLOG
www.hackingarticles.in
LINKEDIN
https://www.linkedin.com/company/hackingarticles/
TWITTER
https://twitter.com/hackinarticles
GITHUB
https://github.com/ignitetechnologies