Autoplay
Autocomplete
Dark Mode
Speed
Previous Lesson
Complete and Continue
Practical Bug Bounty
Introduction
Course Introduction (6:14)
Course Discord
Web Application Security
Importance of Web Application Security (6:23)
Web Application Security Standards and Best Practices (13:31)
Bug Bounty Hunting vs Penetration Testing (10:18)
Phases of a Web Application Penetration Test (17:20)
Section Quiz
Before We Attack
CryptoCat Introduction (1:42)
Understanding Scope, Ethics, Code of Conduct, etc. (14:10)
Common Scoping Mistakes (24:30)
Lab Build
Installing VMWare / VirtualBox (3:14)
Installing Linux (9:06)
Lab Installation (7:15)
Web Application Technologies
Web Technologies (4:38)
HTTP & DNS (3:32)
Section Quiz
Reconnaissance and Information Gathering
Fingerprinting Web Technologies (12:13)
Directory Enumeration and Brute Forcing (20:06)
Subdomain Enumeration (17:36)
Burp Suite Overview (38:52)
Section Quiz
Authentication and Authorization Attacks
Introduction to Authentication (1:36)
Brute-force Attacks (6:59)
Attacking MFA (5:26)
Authentication Challenge Walkthrough (9:59)
Introduction to Authorization (1:11)
IDOR - Insecure Direct Object Reference (6:27)
Introduction to APIs (4:48)
Broken Access Control (8:28)
Testing with Autorize (7:28)
Injection Attacks
Introduction to Local and Remote File Inclusion (LFI/RFI) (1:37)
Local File Inclusion Attacks (4:20)
Remote File Inclusion Attacks (7:38)
File Inclusion Challenge Walkthrough (4:28)
Introduction to SQL Injection (4:03)
Basic SQL Injection Attacks (9:38)
Blind SQL Injection Attacks - Part 1 (9:52)
Blind SQL Injection Attacks - Part 2 (12:53)
SQL Injection Challenge Walkthrough (5:36)
Second Order SQL Injection (2:59)
Introduction to Cross-Site Scripting (XSS) (4:50)
Basic Cross-Site Scripting (XSS) Attacks (3:15)
Stored Cross-Site Scripting (XSS) Attacks (7:38)
Cross-Site Scripting (XSS) Challenge Walkthrough (3:24)
Introduction to Command Injection (2:24)
Command Injection Attacks (4:57)
Blind Command Injection (3:57)
Command Injection Challenge Walkthrough (4:04)
Introduction to Server-Side Template Injection (SSTI) (1:08)
Exploiting Server-Side Template Injection (SSTI) (5:14)
Server-Side Template Injection (SSTI) Challenge Walkthrough (3:31)
XML External Entity (XXE) Injection (5:55)
Introduction to Insecure File Uploads (0:31)
Insecure File Upload Client-Side Controls Bypass (8:48)
Insecure File Upload Bypasses (9:13)
Insecure File Uploads Challenge Walkthrough (3:29)
Automated Tools
Automated Scanners (10:17)
Scripting and Automation (19:43)
Section Quiz
Other Common Vulnerabilities
Introduction to Cross-Site Request Forgery (CSRF) (1:53)
Cross-Site Request Forgery (CSRF) Attacks (5:50)
Cross-Site Request Forgery (CSRF) Token Bypass (5:40)
Introduction to Server-Side Request Forgery (SSRF) (1:24)
Exploiting Server-Side Request Forgery (SSRF) (4:06)
Blind Server-Side Request Forgery (SSRF) (2:54)
Introduction to Subdomain Takeovers (1:43)
Open Redirects (2:19)
Introduction to Vulnerable Components (1:33)
Reporting
Understanding CVSS: Part 1 (14:36)
Understanding CVSS: Part 2 (14:44)
Writing Effective Penetration Testing Reports (22:49)
Vulnerability Reporting and Disclosure (VDP) (6:30)
Communicating with Clients and Triagers (10:37)
Mistakes from Triager's Perspective (13:36)
Section Quiz
Evasion Techniques
WAF Identification and Fingerprinting (6:46)
Bypassing Input Validation and Encoding Techniques (8:22)
Wrapping up
How to Pick Bug Bounty Programs (9:03)
Course Conclusion (2:18)
Local File Inclusion Attacks
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock