Learn Bug Bounty Hunting & Web Security Testing From Scratch
Training Overview
Description of Training
Video Overview (3:08)
Section 1 - Introduction
Lecture 1 - Course Introduction (3:08)
Lecture 2 - Introduction to Bug Hunting (6:43)
Lecture 3 - What is a Website? (5:16)
Section 2 - Information Disclosure vulnerabilities
Lecture 4 - Introduction to Information Disclosure Vulnerabilities (1:49)
Lecture 5 - Discovering Database Login Credentials (9:25)
Lecture 6 - Discovering Endpoints & Sensitive Data (8:01)
Lecture 7 - Introduction to HTTP Status Codes (7:45)
Lecture 8 - Employing the Hacker / Bug Hunter Mentality to Discover Admin Login Information (8:16)
Lecture 9 - Manipulating Application Behaviour Through the HTTP GET Method (5:46)
Lecture 10 - Manipulating Application Behaviour Through the HTTP POST Method (6:49)
Lecture 11 - Intercepting Requests With Burp Proxy (10:21)
Section 3 - Broken Access Control Vulnerabilities
Lecture 12 - Introduction to Broken Access Control Vulnerabilities (1:11)
Lecture 13 - Cookie Manipulation (8:14)
Lecture 14 - Accessing Private User Data (7:20)
Lecture 15 - Discovering IDOR Vulnerabilities (Insecure Direct Object Reference) (9:00)
Lecture 16 - Privilege Escalation with Burp Repeater (9:30)
Lecture 17 - Debugging Flows with HTTP TRACE & Gaining Admin Access! (8:05)
Section 4 - Path/Directory Traversal
Lecture 18 - Introduction to Path Traversal Vulnerabilities & Basic Discovery (9:30)
Lecture 19 - Bypassing Absolute Path Restriction (4:41)
Lecture 20 - Bypassing Hard-coded Extensions (4:22)
Lecture 21 - Bypassing Filtering (4:07)
Lecture 22 - Bypassing Hard-coded Paths (4:31)
Lecture 23 - Bypassing Advanced Filtering (6:10)
Lecture 24 - Bypassing Extreme Filtering (8:37)
Section 5 - CSRF - Client-Side Request Forgery
Lecture 25 - Discovering & Exploiting CSRF Vulnerabilities (9:19)
Section 6 - OAUTH 2.0 Vulnerabilities
Lecture 26 - Introduction to OAUTH 2.0 (4:21)
Lecture 27 - OAUTH 2.0 Basic Exploitation (9:48)
Lecture 28 - Exploiting a Linking OAUTH 2.0 Flow Through CSRF (12:23)
Lecture 29 - Exploiting a Login OAUTH 2.0 Flow Through CSRF (13:19)
Section 7 - Injection Vulnerabilities
Lecture 30 - Introduction to Injection Vulnerabilities (1:21)
Section 8 - OS Command Injection
Lecture 31 - Discovering a Basic Command Injection Vulnerability (7:40)
Lecture 32 - Discovering Blind Command Injection Vulnerabilities (9:00)
Lecture 33 - Discovering Asynchronous Blind Command Injection Vulnerabilities (8:08)
Lecture 34 - Using Burp Collaborator to Exploit Asynchronous Blind Command Injection (5:28)
Section 9 - XSS - Cross Site Scripting
Lecture 35 - Introduction to XSS Vulnerabilities & Its Types (4:01)
Lecture 36 - Discovering an HTML Injection Vulnerability (5:23)
Lecture 37 - Discovering Reflected & Stored XSS Vulnerabilities (5:29)
Section 10 - DOM XSS Vulnerabilities
Lecture 38 - Introduction to DOM XSS Vulnerabilities (5:23)
Lecture 39 - Discovering a Reflected DOM XSS in a Link (5:40)
Lecture 40 - Discovering a Reflected XSS in an Image Tag! (5:42)
Lecture 41 - Injecting Javascript Directly in a Page Script (6:25)
Lecture 42 - Discovering XSS in a Drop-down Menu (4:25)
Lecture 43 - Discovering XSS in AngularJS Application (4:18)
Section 11 - XSS - Bypassing Security
Lecture 44 - Bypassing Basic Filtering (5:59)
Lecture 45 - Bypassing Single-Quotes Filtering (7:33)
Lecture 46 - Bypassing Advanced Filtering (10:22)
Lecture 47 - Bypassing Server-Side Filtering (6:43)
Lecture 48 - Bypassing Extreme Filtering with Burp Intruder (9:21)
Section 12 - Bypassing Content Security Policy (CSP)
Lecture 49 - Analysing the Target Application (5:46)
Lecture 50 - Discovering an XSS in a CSP Enabled Application (8:15)
Section 13 - SQL Injection Vulnerabilities
Lecture 51 - Introduction to SQL Injection Vulnerabilities (7:20)
Lecture 52 - Discovering SQL Injections (7:22)
Lecture 53 - Bypassing Admin Login Using Logical Operators (4:43)
Lecture 54 - Selecting Data From the Database (7:56)
Lecture 55 - Accessing The Database Admin Records (6:44)
Section 14 - Blind SQL Injections
Lecture 56 - Discovering Blind SQL Injections (5:56)
Lecture 57 - Enumerating Table & Column Names (10:07)
Lecture 58 - Recovering Administrator Password With Burp Intruder (7:56)
Lecture 59 - Using the Cluster-Bomb Attack to Recover Passwords (7:30)
Section 15 - Time-Based Blind SQL Injection
Lecture 60 - Discovering Time-Based Blind SQLi (8:07)
Lecture 61 - Extracting Data From the Database Using a Time-Based Blind SQLi (10:30)
Lecture 62 - Getting The Admin Password Using a Time-Based Blind SQLi (9:34)
Section 16 - SSRF (Server-Side Request Forgery)
Lecture 63 - Introduction to SSRF Vulnerabilities (0:48)
Lecture 64 - Theory Behind SSRF Vulnerabilities & Their Impact (6:52)
Lecture 65 - Discovering a Basic SSRF Vulnerability (5:01)
Lecture 66 - Accessing Private (Admin) Resources Using an SSRF Vulnerability (6:26)
Section 17 - SSRF - Advanced Exploitation
Lecture 67 - Advanced SSRF Discovery (5:54)
Lecture 68 - Scanning & Mapping Internal Network & Services (7:43)
Section 18 - SSRF - Bypassing Security
Lecture 69 - Bypassing Blacklists (8:10)
Lecture 70 - Bypassing Whitelists (9:40)
Lecture 71 - Chaining Open Redirection with SSRF to Bypass Restrictive Filters (6:44)
Section 19 - Blind SSRF Vulnerabilities
Lecture 72 - Introduction to Blind SSRF Vulnerabilities (3:58)
Lecture 73 - Discovering Blind SSRF Vulnerabilities (6:19)
Lecture 74 - Exploiting Blind SSRF Vulnerabilities (7:48)
Lecture 75 - Escalating Blind SSRF to a Remote Code Execution (RCE) (7:55)
Section 20 - XXE (XML External Entity) Injection
Lecture 76 - Introduction to XXE Injection Vulnerabilities (0:48)
Lecture 77 - What is XML? (3:21)
Lecture 78 - Exploiting a Basic XXE Injection (8:43)
Lecture 79 - Discovering an SSRF Through a Blind XXE (6:37)
Section 21 - 2 Hour Live Bug Hunting!
Lecture 80 - Introduction (1:40)
Lecture 81 - Overview of the Target (8:57)
Lecture 82 - Discovering an Open Redirect Vulnerability (6:42)
Lecture 83 - Discovering an XSS in the Response (9:09)
Lecture 84 - Discovering an XSS in an HTML Comment (8:54)
Lecture 85 - Discovering an XSS in a Date Picker (5:53)
Lecture 86 - Broken Access Control in Booking Page (5:52)
Lecture 87 - Analysing Application Files & Finding Sensitive Data (11:57)
Lecture 88 - Discovering Endpoints Hidden In Code (3:54)
Lecture 89 - Discovering an IDOR - Insecure Direct Object Reference (3:38)
Lecture 90 - Discovering Hidden Endpoints Using Regex (9:10)
Lecture 91 - Discovering a Complex Stored XSS (10:42)
Lecture 92 - Discovering Bugs in Hidden Elements (8:01)
Lecture 93 - Discovering Bugs in Hidden Parameters (6:42)
Section 22 - Participating in Bug Bounty Programs
Lecture 94 - Hacker1 Overview (10:25)
Lecture 95 - Bug-Bounty Overview (6:36)
Lecture 96 - Submitting a Bug Report (8:10)
Audio Version of Training
Audio Download
Lecture 41 - Injecting Javascript Directly in a Page Script