Bug Bounty Master Class

Salepage link: At HERE. Archive:

Bug Bounty Master Class

Lifetime support – Download unlimited when you buy Bug Bounty Master Class Course at CourseAvai. The market leader in online learning – Offers a variety of diverse topics: Internet Marketing, Forex & Trading, NLP & Hypnosis, SEO – Traffic, …

Learn methods of Hunting Bugs from a perspective of a bug bounty hunter

Jitendra Kumar Singh

Hacker, Security Researcher, Bug hunter

A bug hunter in virtual life, a shy person in real life. I am a security Ninja with about 2 years of experience in PHP, Testing, Security auditing of Website and Assembly language.

I reported about 150+ bugs to different website like Google, Facebook, Medium, etc

Hall of Fames

• Listed In Google Hall of Fame
• Listed In Facebook Hall of Fame
• Listed in Mapbox Hall of Fame
• Listed in Mediafire Hall of Fame
• Listed in Quiver Hall of Fame
• Listed in AppAnnie Hall of Fame
• Listed in Veris Hall of Fame
• Listed in Imgur Hall of Fame
• Listed in Medium Hall of Fame
• Listed in Ok(.)ru hall of fame
• Listed in Dropbox Hall of Fame
• Listed in Informatica Hall of Fame
• Listed in ItBit hall of fame
• Listed in Shopify Hall of Fame
• Listed in Udemy Hall of Fame
• Listed in Whisper(.)sh hall of Fame

I also like to share my knowledge with other people to do so I write blogs and when I am not doing these thing I love to travel in the different parts of the world.

Bug bounty programs are moving from the realm of novelty towards becoming best practice.They provide an opportunity to level the cyber security playing field, strengthening the security of products as well as cultivating a mutually rewarding relationship with the security researcher community.

While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. Companies are now spending million dollars on bug bounty programs.

Lifetime support – Download unlimited when you buy Bug Bounty Master Class Course at CourseAvai. The market leader in online learning – Offers a variety of diverse topics: Internet Marketing, Forex & Trading, NLP & Hypnosis, SEO – Traffic, …

There are minimum bounty of some companies listed below:

Facebook pays $500

Google pays $100

A person won $33500 for reporting a bug in Facebook. And there are a lot of person who became millionaire only by bug bounties.

So In this you will know how to find bugs in the website, what are things you have to look in a website when you are testing it for some bugs.

We will start from basics — Recon Skills the best and first step towards bug hunting is to gather the information

Then we will learn about bugs , what are they and how to find them in web apps

The profit is not only getting money even you can get fame ( HOF ) and some companies may invite you to their events as well.

In this course you will learn that What is a bug and how to find them in a web application, like which process you have to follow to find them in a Web App. With all the testing methodologies.

PS: I will update this course on regular basis. So if you think any bug is missing let me know I will update that as well

What does Bug Bounty Master Class include?

Introduction

• Introduction (2:28)

Getting Familiar with Burp Suite

• Configuring Burp Suite with Browser (3:18)
• Taget, Proxy and Spider Tabs of Burp Suite (5:25)
• Scanner, Intruder and Repeater Tabs of Burp Suite (5:02)
• Wrapping up Burp Suite (3:57)

Reconnaissance

• Getting The Juicy Information from the Headers (5:38)
• Information Gathering using google Dorks (7:22)
• Google Dorks ( Demo ) (5:33)
• Analyzing Files on Website for Juicy Endpoints (6:34)
• Downloading the Source of a Website (5:27)
• The Dirbuster (4:26)
• Gathering Information using WhatWeb (3:31)
• Enemurating Subdomains (10:24)
• Using The Harvester for finding Public Info (6:04)
• The Way Back Machine (5:16)
• Vhost Discovery (2:54)

Using Nmap for Information Gathering Purposes

• Getting Familiar with NMap (8:23)
• Different Type of Nmap scans (5:50)
• Nmap scans ( Demo ) (4:38)
• Banner Grabbing (4:05)

Getting Starting in Finding bugs

• Installing Your Testing Environment (4:30)
• Testing for HTTP Strict Transport Security (2:51)
• Robots.txt ( Demo ) (4:10)
• HTML Injection (6:22)

Testing For Session Management Issues

• Session Management (5:49)
• Cross Site Request Forgery (8:45)

Authentication Testing

• Broken Authentication (11:54)

Authorization Testing

• IDOR (7:35)
• Directory Traversal (7:39)

Client Side Testing

• Clickjacking (5:21)
• Exploiting CORS (Cross Origin Resource Sharing) (8:30)

Testing For Input Validaton

• HTTP Parameter Pollution (6:10)
• Cross Site Scripting ( XSS ) (12:08)
• Sql Injection ( SqlI ) (5:56)

Unvalidated Redirect and Forwards

• Unvalidated Redirect and Forwards (6:02)

File Upload Vulnerabilities

• Unrestricted file Upload (6:51)

Command Injection – Bug Bounty Master Class

• Command Injection (7:27)