Course Content

 

Module I

Objective: Learn the basic about on how to get started with Bug Bounty Programs, web applications; how everything works behind the scenes including HTTP Methods, web design patterns, client, and server-side components. and Command Line for both Linux and Windows which comes handy and how to takes good Notes. 1.      Picking Bug Bounty Program

1. Social Sites and Applications
2. Web Applications
3. Mobile and Desktop Applications
4. Source Code and Executables
5. Hardware and IoT

2.      Bug Bounty Platforms

1. Public Programs
2. Private Programs
3. Others Non-Listed programs
4. The Pros and the Cons
5. Things to Keep in Mind

3.      Basic Web 101

1. DNS
2. HTTP Protocol Basics
3. HTTP Requests and Responses
4. HTTP Methods
5. HTTP Status Code
6. HTTP Headers
7. HTTP Cookies
8. Session Management
9. IP and Ports Address
10. Encoding
11. HTML Encoding
12. URL Encoding
13. Base64
14. SSL
15. Proxy
16. Authentication
17. Authorization

4.      Linux Command Line Fun

1. Searching, Installing, and Removing Tools
2. The Bash Environment
3. Piping and Redirection
4. Text Searching and Manipulation
5. Other Useful Command
6. Network Commands
7. System Info
8. Editing Files from the Command Line
9. Downloading Files
10. Customizing the Bash Environment

    5.      Windows Command Line Fun

1. Basic Usage
2. Piping and Redirection
3. Network Commands
4. System Info
5. Editing Files from the Command Line
6. Batch Scripting Practical Examples
7. Comparing Files
8. Bash Scripting Practical Examples
9. Notes Taking

 

 Module II

Objective: This module focusses on setting up the playground and getting to know better the tools and that we will be using through the modules, also setting up practice labs and other online CTFs which will help up to keep up with the latest way to find the bugs. 7.      Setting Up Playground

1. Choose and
2. Setting Up Browser and Proxy
3. Browser Extensions

8.  Tools of Trade

9. Vulnerable Lab Setup
10. Capture The Flag

 

 Module III

Objective: This module focusses on the Top Ten OWASP Vulnerability and we will understand this in great detail with testing methodology, along with understand the importance of automated and manual vulnerability scanning.

11. Understanding OWASP Top 10

1. A1 Injection Attacks
2. A2 Broken Authentication
3. A3 Sensitive Data Exposure
4. A4 XML External Entity
5. A5 Broken Access Control
6. A6 Security Misconfigurations
7. A7 Cross-Site Scripting
8. A8 Insecure Deserialization
9. A9 Using Components with Known Vulnerabilities
10. A10 Insufficient Logging & Monitoring

12. Vulnerability Scanning

1. How Vulnerability Scanners Work
2. Manual Automated Scanning
3. Authenticated vs Unauthenticated
4. Practical

13. Testing Methodology

 

Module IV

Objective: This is where we will get our hand dirty and will dive into the live application to find the bugs and apply all the above strategy, we have learned so far. We will also try to automate most of the manual task that we have to do using bash and batch scripting we learned.

14. Reconnaissance

15. Top 15 – Easy to Find Bug

16. Top 10 – Little Efforts

17. Top 05 – Critical Bug
18. Automation

   

Module V

Objective: This module focussed on writing good report so we can present our self to the team who is going to see the bugs from your perspective.

19. Report Writing

20. What to Do When You are Stuck