Description
What You Will Learn
- Learn how to find bugs in high-target bug bounty programs
- Develop a methodology to find bugs effectively
- Discover various vulnerability types, ranging from web to mobile and IoT systems
- Prove your knowledge in hands-on lab exercises
- Build clear and understandable bug bounty reports
Prerequisites
- Basic knowledge of ethical hacking and penetration testing
- A computer system with at least the following: OS: Linux/OSX/Windows; Processor: at least 2 CPUs (virtual or physical) @ 1.50 GHz; Memory: 2GB or more; Storage: 80GB; OpenJDK 14 or Java Runtime; Python 3 and Python 2; VirtualBox or some other virtualization software
Content
Chapter 1: Introduction to Bug Bounty
- What are Bug Bounty Programs?
- Types of Bug Bounty Programs
- Legal Foundations for Bug Bounties
Chapter 2: Reconnaissance
- Open-source Intelligence
- Subdomain Enumeration
- Nmap Scans
- Burp Suite
- Nikto Scans
Chapter 3: Web Application Exploitation
- OWASP and CWE
- SQL Injection
- Cross-Site Scripting (XSS)
- XML External Entities (XXE)
- Insecure Direct Object Reference (IDOR)
- Command Injection and RCE
- Web Application Exploitation Case Studies
Chapter 4: Software Exploitation
- Insecure Logging and Storage
- Buffer Overflows
- Improper Access Control
- Use After Free
- Integer Overflows and Underflows
- Case Studies
Chapter 5: Android Exploitation
- Decompiling APKs
- Introduction to Drozer
- Activity Vulnerabilities
- Content Provider Vulnerabilities
- Broadcast Vulnerabilities
- Case Studies
Chapter 6: Reporting
- Etiquette for Reporting Vulnerabilities
- Scoring a Vulnerability's Severity Using CVSS
- How to Write a Good Report?
- What Is a CVE?
The most comprehensive, up to date crowdsourced list of bug bounty and security vulnerability disclosure programs from across the web curated by the hacker community.