Learn Bug Bounty Hunting & Web Security Testing From Scratch

Learn how to discover bugs/vulnerabilities like specialists | OWASP top 10 + more | No earlier knowledge required

What you'll learn

• 95+ recordings to show you bug hunting and security testing from scratch.
• 80+ active genuine models - from easy to cutting edge.
• Discover the most well-known web application bugs and vulnerabilities.
• Discover bugs from the OWASP top 10 most normal security threats.
• Sidestep channels and security on the covered bugs as a whole and vulnerabilities.
• 2 Hour LIVE bug chase/pentest on a genuine web application toward the finish of the course.
• My way to deal with bug hunting and web application infiltration testing.
• The bug tracker/programmer attitude.
• Effectiveness use Burp Suite to discover bugs and vulnerabilities.
• Discover sensitive and hidden information, paths, files, endpoints and subdomains
• Accumulate information about websites and applications
• Fundamental subjects to bounty hunting.
• HTTP strategies and status codes.
• Cookies and cookie control
• HTML fundamentals for bug hunting.
• XML fundamentals for bug hunting.
• Javascript fundamentals for bug hunting.
• Peruse and dissect headers, requests and reactions
• Discover information exposure vulnerabilities.
• Discover broken admittance control vulnerabiltiies.
• Discover way/catalog crossing vulnerabilities.
• Discover CSRF vulnerabilities.
• Discover IDOR vulnerabilities
• Discover OAUTH 2.0 vulnerabilities
• Discover Injection vulnerabilities.
• Discover Order Injection vulnerabilities
• Discover HTML Injection vulnerabilities
• Discover XSS vulnerabilities (Reflected, Put away and DOM).
• High level XSS discovery and sidestep techniques
• Discover SQL Injection vulnerabilities.
• Discover Blind SQL Injection vulnerabilities.
• Discover Time sensitive visually impaired SQL Injection vulnerabilities.
• Discover SSRF vulnerabilities.
• Discover blind SSRF vulnerabilities.
• Discover XXE vulnerabilities.
• The Burp Suite Proxy.
• The Burp Suite Repeater.
• The Burp Suite Channel
• The Burp Suite Gatecrasher.
• The Burp Suite Associate.

 

Prerequisites

• Fundamental IT Abilities
• No earlier knowledge expected in bug hunting, h4cking or programming.
• PC with at least 4GB slam/memory.
• Working Framework: Windows/Apple Macintosh operating system/Linux.

Description

Welcome to my far reaching course on Bug Bounty Hunting and Web Security Testing course. This course expects you have NO earlier knowledge, it begins with you from scratch and makes you move by-move toward a high level, ready to discover countless bugs or vulnerabilities (counting the OWASP top 10) in any web application no matter what the advancements utilized in it or the cloud servers that it runs on.

 

This course is profoundly viable yet doesn't disregard the hypothesis, we'll begin with essentials to show you how websites work, the advances utilized and how these innovations cooperate to create these quite utilitarian stages that we utilize ordinary. Then, at that point, we'll begin h4cking and bug hunting straight away. You'll learn everything as a visual cue, by discovering security bugs and vulnerabilities, no wearing dry talks out.

 

The course is separated into various segments, each means to show you a typical security bug or weakness from the OWASP top 10 most normal security threats. Each part takes you through various involved guides to show you the reason for the security bug or weakness and how to discover it in various situations, from easy to cutting edge. You'll likewise learn progressed techniques to sidestep channels and security measures. As we do this I will likewise acquaint you with various h4cking and security ideas, tools and techniques. All that will be shown through models and involved practicals, there will be no pointless or exhausting talks!

 

Toward the finish of the course I will take you through a two hour pentest or bug chase to tell you the best way to consolidate the knowledge that you gained and utilize it in a genuine situation to discover bugs and vulnerabilities in a genuine website! I will show you how I approach an objective, break down it, and dismantle it to discover bugs and vulnerabilities in highlights that most would believe are secure!

 

As referenced you'll learn substantially more than exactly how to discover security bugs in this course, yet here's a rundown of the principal security bugs and vulnerabilities that will be canvassed in the course:

 

Information Exposure.

IDOR (Uncertain Direct Item Reference).

Broken Access Control.

• Catalog/Way Crossing.
• Cookie Control.
• CSRF (Client-Side Request Fabrication).
• OAUTH 2.0.

Injection Vulnerabilities.

• Order Injection.
• Blind Order Injection.
• HTML Injection.
• XSS (Cross-Site Scripting).
• Reflected, Put away and DOM Based XSS.
• Bypassing Security Channels.
• Bypassing CSP (Content Security Strategy).
• SQL Injection.
• Blind SQLi.

Time sensitive Visually impaired SQLi.

• SSRRF (Server-Side Request Falsification).
• Blind SSRF.
• XXE (XML Outside Substance) Injection.

 

Topics:

• Information gathering.
• End point discovery.
• HTTP Headers.
• HTTP status codes.
• HTTP strategies.
• Input boundaries.
• Cookies.
• HTML essentials for bug hunting.
• Javascript essentials for bug hunting.
• XML essentials for bug hunting.
• Separating techniques.
• Bypassing boycotts and whitelists.
• Bug hunting and exploration.
• Hidden paths discovery.
• Code investigations.

 

You'll utilize the accompanying tools to accomplish the abovementioned:

• Ferox Buster.
• WSL.
• Dev tools.
• Burp Suite:
• Rudiments.
• Burp Proxy.
• Gatecrasher (Basic and Group bomb).
• Repeater.
• Teammate.

 

With this course you'll get day in and day out help, so assuming that you have any inquiries you can post them in the question and answer session area and we'll answer you in 15 hours or less.

 

Checkout the educational program and the course mystery for more data!

Who this course is for:

• Anyone hoping to turn into a bug bounty tracker.
• Anyone with any interest at all in web application h4cking/entrance testing.
• Anyone with any interest at all in learning how to get websites and web applications from programmers.
• Web designers so they can make secure web application and secure their current ones.
• Web administrators so they can get their websites.

 

Educators

Zaid Sabih

Moral Programmer, PC Researcher and President of zSecurity

• 4.6 Educator Rating
• 163,965 Audits
• 702,986 Understudies
• 10 Courses

I am Zaid Al-Quraishi, I'm a moral programmer, a PC researcher, and the pioneer and Chief of zSecurity and Bug-Bounty.

I simply love h4cking and defying the guidelines, yet don't misunderstand me as I said I'm a moral programmer.

I have colossal involvement with moral h4cking and network safety and I have over 1M understudies overall on various educating stages.

 

z Security

Driving supplier of moral h4cking and digital protection preparing,

• 4.6 Teacher Rating
• 163,965 Surveys
• 697,903 Understudies
• 10 Courses

zSecurity is a main supplier of moral h4cking and digital protection preparing, we train h4cking and security to assist with peopling become moral programmers so they can test and get frameworks from dark cap programmers.

Turning into a moral programmer is basic yet difficult, there are numerous assets on the web yet heaps of them are off-base and obsolete, that as well as it is difficult to keep awake to date regardless of whether you as of now know quite a bit about digital protection.

 

We want to instruct individuals and increment mindfulness by uncovering strategies utilized by genuine dark cap programmers and tell the best way to get frameworks from these programmers.

 

4.7 course Rating 173 Reviews

PAWAN KUMAR D.

Rating: 5.0 out of 5 - seven days prior

Best happy as expected by ZAIDH sir

 

Lorenz John D.

Rating: 5.0 out of 5 - seven days prior

I have no foundation in programming except for you make sense of it well. I previously enlisted three courses from Zaid. I learned a great deal and continue to learn.