Bug Bounty Training

By Abrar Ahmad & Viswanath - Tech Marshals Academy

BUG BOUNTY COURSE

Course Fee – 12000/- Offer Price: 10000/-

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.

This course will cover most of the OWASP TOP 10 and Web Application Penetration Testing.

Bug Bounties Advantages

  • Adds value to your resume.
  • Increases the possibility of getting a job in the industry.
  • Opportunity to make money in your spare time.
  • Glory and Fame.
  • Knowledge.
  • The proven one.

Who this course is for:

Anyone who wants to Hunt | Security Professional | Developer | Ethical Hacker |  Penetration Tester

Tech Marshals Bug Bounty Course Content V11

Introduction to Burp-Suite Pro

  • Java installation in the system
  • Proxy setting in Firefox browser
  • Burp certificate in Firefox

 FOOTPRINTING / INFORMATION GATHERING

  • Background Concept
  • Nmap
  • Whatweb
  • Finding Subdomains of Domains

 XSS – CROSS SITE SCRIPTING

  • Background Concept
  • Basic XSS
  • XSS on LAB Website
  • Manually Building XSS
  • XSS on live Website
  • XSS through filter bypass attack
  • Reflected XSS vs Stored XSS
  • Exploitation of XSS

 HOST HEADER INJECTION ATTACK

  • Overview of the Attack
  • Open Redirection
  • Web Cache poisoning
  • Host Header XSS

 URL REDIRECTION

  • Basic Concept
  • URL Redirection through Path Fragmentation
  • Attacks on Live Websites

HTML INJECTION

  • Background Concept
  • Injection Findings Examples
  • Exploitation of HTML Injection Attack

SQL INJECTION

  • Background Concept
  • SQL Injection LAB set up
  • Authentication Bypass Attack
  • SQL MAP
  • Havij pro
  • Union Based SQLi
  • SQL fixing query
  • Exploitation (Getting Database) on GET-based, POST-based, header-based & cookie-based injection points
  • Attacks on Live website

 COMMAND INJECTION

  • Concept
  • Attacks using Delimiters

PARAMETER / DATA TAMPERING

  • Basic Concept
  • Finding Injection point
  • Direct live attacks to decrease the price of products on commercial websites.

 FILE INCLUSION

  • Background concept
  • LFI
  • RFI

 MISSING SPF FLAG

  • Background Concept
  • Target and Attacks
  • Exploitations of missing SPF

 INSECURE CORS (CROSS ORIGIN RESOURCE SHARING)

  • Background concept
  • Insecure CORS checking Response
  • Insecure CORS through Response Header and Request Header

 FILE UPLOADING

  • Background concept
  • Finding the uploading targets
  • Uploading .php shell and getting access to the full server
  • Uploading malicious files to perform a DoS attack

 CRITICAL FILE FOUND

  • Background Concept
  • Manual attacks
  • Automatic attacks through payload.

 SOURCE CODE DISCLOSURE

  • Background concept
  • Attack manually and automatically

 CSRF – CROSS SITE REQUEST FORGERY

  • Background concept
  • Injection Point
  • CSRF on logout page

 DoS Attack (Denial of Service)

  • NOTE: sometimes there is no bounty for this attack
  • Background concept
  • Attack through LOIC & HOIC
  • Attack through Ettercap
  • Attack through Metasploit

 XML External Entity (XXE) Processing

 Report Writing & POC

 Sign up in these online Bug Hunting platforms.

  • Bugcrowd
  • HackerOne
  • Synack
  • Antihack
  • Open Bug Bounty
  • Facebook bug bounty program
  • EC-Council bug bounty program

Bug Bounty Training in Hyderabad by Tech Marshals Academy

Location

B2, 2nd Floor, KVR Enclave,

Beside Satyam Theater,

Above Bata Showroom,

Ameerpet, Hyderabad.

+91 9133333875 / 04040034050

info@techmarshals.com
