
https://app.hackinghub.io/nahamsec-bug-bounty-course
Below you will be able to see the upcoming releases and content we'll be making for the course. We have currently started work on the next 3 updates, but we will gradually release the roadmap as we get closer to the release date.
If you have any additional feedback or suggestions for the course, please leave them in the comments. Please note that we may delete your comments after they have been reviewed.
Version 2.1 (EST: July 2024)
SQL Injection
✅ SQL Query Basics
✅ UNION Select Queries
✅ Boolean SQL Injection
✅ Blind SQL Injection
✅ SQLi Real World Examples
✅ SQLi in Inserts/Update Statements
✅ SQLi in inserts / updates (time based)
✅ NoSQL SQL Injection
✅ SQLi in logins
Testing Login Forms
✅ 15+ Techniques & Tips
Server-Side Request Forgery (UPDATE)
✅ Updating the SSRF module to reshoot and explain the concepts better
✅ Additional tips and in depth SSRF examples
Account Takeover
✅ 5 techniques to learn account takeover based on real scenarios
Version 2.0
Security Pre-Cursor
What is the internet
✅ What is an IP address
✅ What is DNS
✅ Ports And Services
✅ How websites work
✅ Backend vs Frontend
✅ Web Application Infrastructure
✅ HTTP Response Codes Explained
✅ Making Requests
Client-Side Vulnerabilities
✅ Understanding Regular Expressions
✅ Blind Cross-Site Scripting Update
✅ Cross-Site Scripting Update
✅ Cross-Site Scripting Filter Bypass
✅ Cross-Site Request Forgery (UPDATED)
✅ Understanding Cross-Site Scripting (XSS) bypasses
✅ Content Types and Cross-Site Scripting
✅ Content Security Policy (CSP) Explained
✅ Content Security Policy (CSP) Bypasses Examples
✅ Cross-Site Request Forgery (CSRF) Example
✅ Cross-Site Request Forgery (CSRF) in GET Requests
✅ Cross-Site Request Forgery (CSRF) in POST Requests
✅ Cross-Site Request Forgery (CSRF) Bypass (Tips & Tricks)
✅ Understanding postMessages and How to Exploit them
✅ Cross-origin resource sharing (CORS) Explained
✅ Cross-origin resource sharing (CORS) Exploitation
Understanding JSON Web Tokens
✅ Recon Explained
Recon (UPDATED)
✅ Recon Explained
✅ Subdomains Explained
✅ Google Dorking Explained
✅ Certificate Transparency Explained
✅ Certificate Transparency Tricks & Tips
✅ Shodan Explained
✅ Shodan CLI Examples
✅ Discovering subdomains using Subfinder
✅ Information Gathering using HTTPx
Explore open redirect vulnerabilities by fuzzing redirect parameters and observing 302 responses. Test how inputs redirect users to trusted or malicious sites, including browser tricks with at-sign domains.
Investigate how cross-site scripting depends on rendering context by testing inputs and text areas. Learn to close tags, handle events, and encode payloads, not copy-paste, to reveal where scripts execute.
Identify cross-site scripting risks in markdown by examining headers, links, and images, then fuzz payloads and assess how markdown implementations handle JavaScript and data URIs.
Master blind XSS concepts and how payloads can trigger on backend admin pages. Learn to test inputs and headers with XSS Hunter to identify hidden XSS opportunities.
Explore practical XSS filter bypass techniques through a trial-and-error approach, testing tags, case sensitivity, regex, event handlers, image sources, iframes, unclosed tags, and clever workarounds to evade filters.
Discover how content security policy (CSP) thwarts XSS by restricting script and resource loading via directives like default-src, script-src, and img-src, with values such as self and none.
https://app.hackinghub.io/nbbc-cors
When dealing with CORS (Cross-Origin Resource Sharing) issues, it's important to note that not all browsers handle CORS requests the same way. For CORS to function correctly with credentials, browsers must support third-party cookies, which are being phased out due to privacy concerns.
Third-party cookies are used when a website (Website A) makes a request to another website (Website B) and the cookies from Website B are sent along with the request. For these cookies to be sent, the original website must set the cookie with specific attributes: it must be Secure (only sent over HTTPS), HttpOnly (not accessible via JavaScript), and have the SameSite policy set to None.
Third-party cookies have already been removed from browsers like Firefox and Safari. However, they are still supported in Google Chrome. Google has announced that Chrome will phase out third-party cookies by early 2025.
More details can be found here: https://developers.google.com/privacy-sandbox/3pcd
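The following is an added example in Python, not code from the course or from HackingHub, that turns the paragraph above into a check a defender can run against their own site's response headers. It parses Set-Cookie header values, applies the three conditions the page lists (Secure, HttpOnly, SameSite=None) to decide which cookies a browser would attach to a credentialed cross-site request, and pairs that with a check of the CORS response headers (Access-Control-Allow-Origin echoing the requesting origin together with Access-Control-Allow-Credentials: true). All header values below are constructed sample data; the function names are the example's own.

```python
# Added example (not part of the course page): given the Set-Cookie headers a
# site emits and the CORS headers it returns for a cross-origin request,
# report which cookies would ride along on a credentialed cross-site request
# and whether the CORS policy lets another origin read the response.
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    secure: bool
    httponly: bool
    samesite: str  # "none", "lax", "strict", or "" when the attribute is absent


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value into its security attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    secure = httponly = False
    samesite = ""
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
        elif key == "samesite":
            samesite = value.strip().lower()
    return Cookie(name, secure, httponly, samesite)


def sent_cross_site(cookie: Cookie) -> bool:
    """Apply the three conditions the page lists: Secure, HttpOnly, SameSite=None.
    Browsers also reject SameSite=None without Secure, so a cookie lacking
    Secure never travels cross-site regardless of the other attributes."""
    return cookie.secure and cookie.httponly and cookie.samesite == "none"


def cross_site_cookies(set_cookie_headers):
    """Names of cookies a browser would attach to a credentialed cross-site request."""
    return [c.name for c in map(parse_set_cookie, set_cookie_headers) if sent_cross_site(c)]


def cors_exposes_credentials(response_headers: dict, requesting_origin: str) -> bool:
    """True when the response lets the requesting origin read a credentialed
    response: ACAO echoes that exact origin (a wildcard is not honoured
    together with credentials) and ACAC is 'true'."""
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin", "")
    acac = headers.get("access-control-allow-credentials", "").lower()
    return acao == requesting_origin and acac == "true"


def assess(set_cookie_headers, response_headers, requesting_origin):
    """Combine both checks: cookies that travel cross-site only matter when the
    CORS policy also lets that origin read the response they authenticate."""
    riding = cross_site_cookies(set_cookie_headers)
    readable = cors_exposes_credentials(response_headers, requesting_origin)
    return {
        "cookies_sent_cross_site": riding,
        "response_readable_by_origin": readable,
        "exposure": bool(riding) and readable,
    }


# Constructed sample data (not captured from any real site) for a stand-alone run.
SAMPLE_SET_COOKIES = [
    "session=abc123; Secure; HttpOnly; SameSite=None; Path=/",
    "prefs=dark; Path=/",                           # no SameSite, not Secure
    "csrf=tok; Secure; HttpOnly; SameSite=Strict",  # Strict: never sent cross-site
]
SAMPLE_CORS_RESPONSE = {
    "Access-Control-Allow-Origin": "https://other-site.example",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    print(assess(SAMPLE_SET_COOKIES, SAMPLE_CORS_RESPONSE, "https://other-site.example"))
```

With the sample data only `session` qualifies, and because the CORS response echoes the foreign origin with credentials allowed, `assess` reports an exposure. Tightening either side removes it: drop SameSite=None from the session cookie, or stop reflecting arbitrary origins in Access-Control-Allow-Origin.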
Explore local file disclosure via path traversal, using dot-dot-slash sequences to read arbitrary server files, with image endpoint examples, Linux paths, and encoding tricks.
Enumerate usernames and passwords using boolean-based SQL injection, validating data with subqueries and a LIMIT clause, and iterating characters to reveal account information.
Explore blind SQL injection in INSERT statements on a contact form, using execution-time delays to verify vulnerabilities and determine the database version.
Examine real-world SQL injection disclosures on bug bounty platforms, including Zomato’s blind injection bypassing a firewall using sleep, and vulnerable headers like the user agent.
Explore common file upload vulnerabilities and testing techniques. Learn how changing extensions and content types, uploading HTML or PHP, and path traversal enable exploits like XSS via file names.
Test file upload vulnerabilities to detect inline and blind RCE, using Burp Repeater, curl, and Burp Collaborator to verify outputs via DNS and uploads.
Explore bypass techniques for SSRF against blacklisted resources by using alternative localhost references, IP formats, CNAMEs, and custom domains, plus ports and hex notation to access restricted hosts.
Explore server-side request forgery in an image context by forcing the app to fetch internal resources through a crafted invoice and iframe technique, revealing access to internal networks.
Demonstrates how server-side request forgery can chain with XSS to reveal internal network access by probing locally hosted services, using favicon techniques and IP range brute-forcing.
Welcome to Intro to Bug Bounty Hunting and Web Application Hacking, your introductory course into practical bug bounty hunting. Learn ethical hacking principles with your guide and instructor Ben Sadeghipour (@NahamSec). During the day, Ben is the former Research & Community executive, and prior to that he was the head of Hacker Education at HackerOne. During his free time, Ben produces content on Twitch and YouTube for other hackers, bug bounty hunters, and security researchers. This course serves as a comprehensive guide and answers the number one question he receives: "how do I get started?"
Updated August 2024!
Now more than 11 hours worth of video content published!
flag{0b57147200d4bb3a2761a20d6a7ca088}
This course will feature:
An overview of 10+ vulnerability types and how to find them.
Hands-on labs for each vulnerability type where Ben will walk you through how each bug works and how they can be further exploited.
A practical lab where students will be attacking a fake organization to test out their newly acquired skills.
An introduction to recon including asset discovery and content discovery.
You will learn the tools of the trade and how to set up your hacking lab.
An introduction to bug bounty programs, how to read the scope, how to write a good report, and how to get your first invitation to a private bug bounty program!
This course will be updated based on changing bug types, recon tactics, and your feedback! Purchase of the course gets you lifetime access to all information and updates.
Notes & Disclaimer
This course will be updated regularly as new information becomes available. Ben is committed to providing as much assistance as possible and will be answering relevant questions within 48 hours. Please don't be discouraged if you don't immediately find a bug, this field is for resilient people committed to learning and figuring things out without much direction. Google will be your friend, and we encourage you to try things before immediately asking for a solution.
This course is meant for educational purposes only. This information is not to be used for black hat exploitation and should only be used on targets you have permission to attack.