Intro to Bug Bounty Hunting and Web Application Hacking
What you'll learn
- Engaging with a bug bounty program
- Basic understanding of web application hacking
- Basics of Reconnaissance (recon)
- How to approach a target
- Understand how bug bounties work
- Write better bug bounty reports
- Includes practical hands on labs to practice your skills
- Chain vulnerabilities for a higher impact
- Cross-Site Scripting (XSS)
- SQL Injection
- Server-Side Request Forgery (SSRF)
- Server-Side Vulnerabilities
Requirements
- Basic understanding of web technology
- Linux basics
- Reliable internet connection.
- A proxy tool such as as Caido, Burp Suite, or ZAP
Description
Welcome to Intro to Bug Bounty Hunting and Web Application Hacking, your introductory course into practical bug bounty hunting. Learn ethical hacking principles with your guide and instructor Ben Sadeghipour (@NahamSec). During the day, Ben is the former Research. & Community executive and prior that he was the head of Hacker Education at HackerOne. During his free time, Ben produces content on Twitch and YouTube for other hackers, bug bounty hunters, and security researchers. This course serves as a comprehensive guide and answers the number one question he receives, "how do I get started?"
Updated August 2024!
Now more than 11 hours worth of video content published!
flag{0b57147200d4bb3a2761a20d6a7ca088}
This course will feature:
An overview of 10+ vulnerability types and how to find them.
Hands-on labs for each vulnerability type where Ben will walk you through how each bug works and how they can be further exploited.
A practical lab where students will be attacking a fake organization to test out their newly acquired skills.
An introduction to recon including asset discovery and content discovery.
You will learn the tools of the trade and how to set up your hacking lab
Introduction to bug bounty programs, how to read the scope, how to write a report a good report, and how to get your first invitation to a private bug bounty program!
This course will be updated based on changing bug types, recon tactics, and your feedback! Purchase of the course gets you lifetime access to all information and updates.
Notes & Disclaimer
This course will be updated regularly as new information becomes available. Ben is committed to providing as much assistance as possible and will be answering relevant questions within 48 hours. Please don't be discouraged if you don't immediately find a bug, this field is for resilient people committed to learning and figuring things out without much direction. Google will be your friend, and we encourage you to try things before immediately asking for a solution.
This course is meant for educational purposes only. This information is not to be used for black hat exploitation and should only be used on targets you have permission to attack.
Who this course is for:
- Web developers
- Bug Bounty Hunters
- Red Teamer or offensive security engineers
- Developers looking to expand on their knowledge of vulnerabilities that may impact them
- Anyone interested in application security
- Beginner ethical hackers interested in web app hacking
- Anyone interested in offensive security
- Bug Bounty Hunters
- Beginners in cybersecurity
Instructor
- 4.5 Instructor Rating
- 3,467 Reviews
- 29,325 Students
- 1 Course
I'm Ben Sadeghipour, also known as NahamSec online where I provide educational content for people interested in ethical hacking and bug bounty hunting. Outside of content production, I am also currently the head of education at HackerOne.
I have successfully hacked into organizations like Airbnb, Apple, Valve, Lyft, Snapchat, and The US Department of Defense. I have also presented at a variety of conferences like Defcon, BSides, or OWASP's AppSec to present my research.