Web Application penetration testing and Bug Bounty Course
4.0 (22 ratings)
224 students enrolled

Complete Ethical hacking and penetration testing guide to make sure that your web application is secure
Last updated 1/2017
  • 6 hours on-demand video
  • 1 Article
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • You will be able to apply for Jr. Pentester positions
  • Intermediate Bug Bounty hunter
  • Find and report critical bugs
  • Prepare Proof of Concepts for bugs
  • Automate vulnerability searches
  • Learn about WebGoat, Hackme Casino and Kali
Requirements
  • Ability to use computers at a basic level
  • Basic understanding of how websites work
  • Windows and Mac are both fine for this course

Welcome to the Web Application Penetration Testing and Bug Bounty course, a course that teaches you, in practical terms, about web application security, protecting your websites from attacks, and reporting bugs for reward money if you find one.

Every single day you read it in the news: LinkedIn was attacked, Yahoo was attacked and has asked users to change their passwords. Cyber security is the next big thing. Every month thousands of people learn about web app development, and yet only a few learn to secure those applications.

We have designed this course so that you can learn to secure web applications. Whether or not you know how to design one, these skills will help you run various tests and enhance the security of web apps. By the end of this course, you will be able to apply for junior web application pen tester roles, and to work as a completely independent bug bounty hunter and secure web developer.

In this course we will learn to install our own labs for pentesting. We will walk you through OWASP and top vulnerabilities like SQL injection, cross-site scripting, session management flaws and various others. We will also give you enough challenges to practice along.

The ideal student for this course is anyone interested in web application security or bug bounties, and developers who want to secure their web apps.

Our goal with this course is to create more security experts so that these incidents can be minimised. There used to be a time when banks were attacked; now everything is online, and so are the money and the attackers. Every web application developer should have the skills to secure web applications. In fact, development should be a process with constant involvement of cyber security experts.

Join us in this goal of creating a secure cyberspace. This course is a great starting point to earn some good bounties with bugs. Take a look at some free previews, and see you inside the course.

Who is the target audience?
  • Anyone interested in securing their web application
  • Anyone interested in becoming a bug bounty hunter
  • Web developers
  • Ethical hackers
  • Pentesters
Curriculum For This Course
46 Lectures
Getting started in Web Application pentesting
4 Lectures 20:05

This is a complete introduction to the Complete web application penetration testing and bug bounty course. In this video I'll walk you through what each section contains and how the course will progress.

Preview 02:41

With every course, I always say: don't expect magic from any course. Make sure you understand that the course is there to guide you; it also needs hard work, time and a lot of practice.

Preview 02:14

To get started in pentesting, or penetration testing, we need to collect some tools: Kali for the attack machine, a virtual machine for virtualization, and Dojo as the victim machine. Once we have those operating systems and tools, for free of course, we will move further.

Getting ready with tools, software and hardware

Earning from bug bounties is not a new thing for security experts. In fact, most web application security experts take this up as a part-time, high-revenue-generating activity. In this video we will learn about the right path for getting started with bug bounties.

How to earn with bug bounty - FAQ
Clearing up our Vocab of web application pentesting
5 Lectures 35:40

A quick introduction about what this course contains

Preview 02:01

Dojo is a one-stop solution for having a vulnerable testing application. We need to learn a lot of attacks like SQL injection, XSS, session management etc., and for each of those we need a loophole in an application. Installing Dojo makes life easy, and we can practice all those attacks without worrying about it.

Installing DOJO for pentesting

For any ethical hacker or pentester, Kali Linux does not require any introduction. This Linux distribution is a one-stop solution for pentesters. Although for web applications we will use it only minimally, without it we would feel that something is missing from the course.

Installing KALI for penetration testing

Kali is an operating system with a vast number of tools already installed. This machine surely requires a tour. In fact, we could create a course on just a Kali tool tour, but in this case let's leave it at a small tour to make you familiar with the interface.

Tour of Kali tools and services

OWASP stands for Open Web Application Security Project; it is a kind of Holy Bible for web application attacks and precautions. This website is always a go-to for further reference or more reading material on attacks.

OWASP - introduction
Linux - Getting started and must have basics
5 Lectures 38:50

A quick introduction about what this course contains

Preview 02:23

Linux training is a must-have skill for everyone in the field of IT security. You don't need to be a guru or a Linux administrator for this course; all the Linux that you will need is already covered in it. In this first video we will learn about creating files via the command line and moving around in Linux.

Creating files and traveling in Linux

Linux has a slightly different file structure than Windows, so it requires some understanding, such as which entry is a file and which is a directory. Judging just by color is not a good idea in Linux, as it is open source and the colors can be changed with a few lines of code. So we will learn the right way of telling them apart.

Exploring linux file system

Not every file in Linux is executable. Linux has permissions that allow us to read, write and execute files. These permissions are usually denoted by numbers: read is 4, write is 2 and execute is 1.

Files and permissions

Networking is also an important part of Linux. Of course, we cannot do penetration testing while staying offline. We will learn about commands like ifconfig and iwconfig, which will help you find your IP and network card details. We will also look at reading the manual of any command in Linux.

Linux networking commands
Prepare yourself before Pentesting
11 Lectures 01:41:58

A quick introduction about what this course contains

What to expect in section 4

TOR Browser is one of the many ways of getting anonymity in the online world. TOR sends your request to other nodes, so the request gets passed through various nodes. Also, I will introduce you to the world of the Darknet.

Introducing TOR and DARKNET world

Proxies are a way to hide your location, or basically to route the entire traffic via a different server. This helps us improve anonymity. We will install proxychains, and with it we can put n number of stops along the traffic path.

Proxychains - Multilevel Anonymity

A MAC address, also known as the physical address of your Ethernet or wireless device, is your main identity over the internet, apart from IP. We will learn to mask or change the current MAC address.

MAC address - masking MAC and details

There are many methods to gather information about our client; one of them is DNS enumeration. We also take a look at what open DNS is.

DNSENUM - gathering information

Although the zone transfer vulnerability is very rarely seen nowadays, we will still look at this vulnerability on a dedicated platform.

Zone transfer Vulnerability

DIG is another tool that gives more detailed DNS information. Let's have a look at the DIG tool, which ships with Kali Linux.

DIG - Gather data with dig

DNStracer is a utility that calculates the path of our request to the server and plots it nicely in a graphical interface. We will also have a quick look at Wireshark.

DNSTracer and wireshark basics

Dmitry is a built-in tool in Kali that gathers a lot of information about a company, like email IDs and DNS information, but there are many better tools available now.

Dmitry - old, still powerful

Finding emails is an important part, as they can later be used for social engineering. We will also look at generating reports.

Finding emails, subdomain and generating reports

Now that we have talked about a lot of tools, it is time to give you a very small and easy assignment. Let's also have a look at recon-ng.

Assignment and recon
OWASP - Vulnerability practicals and Safeguards
11 Lectures 01:31:51

A quick introduction about what this course contains

What to expect in section 5

Writing secure code seems like an easy process, but it is one of the most challenging tasks. In this exercise we will explore how bad code can reveal critical information and lead to harm to the application. Sometimes even comments left during the development phase reach the production stage.

Code quality and source code analysis

OS command injection is a serious vulnerability where an attacker is able to run system commands from the application. The attacker can even read critical files like the shadow or passwd files. We will look at and compare the secure code vs. the vulnerable code.

OS command Injection

Cross-site scripting, or XSS, is one of the most famous and trending attacks on modern applications. In this video we will refer to a great and precise piece of documentation put up on a Google site. Although there are not many payloads to talk about here, we will point to them as well.

Basics of Cross Site Scripting

Reflected XSS is the kind that does not get stored in the database and runs only on the client side. Running JavaScript code in the client's browser can harm the application a lot. We can get the viewer's cookies or redirect them to a malicious website, where we can link hooks. We will discuss hooks in the advanced section.

Reflected XSS

Stored XSS uses almost the same payload but is more dangerous, as the payload gets stored in the database. Now every user who visits that page will be attacked by that payload. This serious flaw can even damage the credibility of the business in the long run.

Stored XSS

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. This can be seen in banking applications or in set-new-password sections.

Cross site request Forgery

The superstar of web application attacks is SQL injection. In this attack, the attacker tries to run SQL commands from the user end, and if he succeeds, he has full access to read the database. And yep, it is that scary. He can even get access to passwords (if not hashed), credit card details or entire emails, which is the entire business.

SQL injection

Sometimes an application needs to collect more from users, like their photos, resumes or other PDFs. In the uploading process the application needs to be extra careful, as users might upload something malicious. They can upload shells that can take full access over the server.

Upload Vulnerabilities, shell and defacing

This is one great example of JSON injection. Here we will intercept the request between client and server and will edit it on the go. This vulnerability will help us to book cheap tickets and destroy the business logic of the application

Preview 07:46

DOM, or Document Object Model, XSS is rarely seen in web applications but is equally dangerous. In this video we will learn more about DOM-based XSS.

DOM based Cross site scripting
Advance attacks and automation
6 Lectures 47:07

When we talk about cross-site scripting, aka XSS, companies sometimes ask for proofs of concept and more attack scope. BeEF is one such tool, a one-stop solution for taking XSS exploitation to the next level. Let's explore the BeEF automation tool.

BeEF and XSS automation and PoC

SQL injection is the most common attack, and many applications are still vulnerable to it. This is the deadliest attack, as the attacker gets entire access to the database. In this video we will talk about it and point to a FREE resource to learn more about SQL injection. Yep, totally free and no need to even sign up.

SQLi Lab setup and 5 hour of free resource on sql injection

SQLmap is a great tool for automating various SQL injection tasks. Especially for error-based injections, this tool is great and works as smooth as butter. We will learn about all the commands, open the manual for sqlmap and try it on an error-based injection.

SQLMap and error based injection

Time-based injection is based on the fact that sometimes a full error is not shown on the page, and we instead have to work with true-or-false results. This is very difficult for a normal user, but with tools like sqlmap we can work on it without banging our head against the wall.

Time based and blind sql injection

Forgot password is a common feature, almost a must-have in every web application. But in many web applications, we don't restrict the number of attempts users get at answering the questions. This video is a perfect example of such a situation.

Forgot password vulnerability

In some cases, we can force a session ID to be created by providing it. In this case we will force a user to visit the bank login and inject a session ID; later we will use the same ID to log in to his/her session.

Session mismanagement flaws
Home labs - Hack me casino and others
4 Lectures 19:30

So, we have talked about Damn Vulnerable Web Application, but after practicing on it you might be wondering whether there are more such apps to test your skills on. Here is the answer to that question. We will introduce you to Hackme Casino, which has a lot of entertainment and bugs.

Introducing Hackme casino

There are lots of vulnerabilities and loopholes in Hackme Casino. We will talk about only a few of them, like SQL injection and session mismanagement, but this application is for you to apply all the attacks that you have learned in this course.

HackMeCasino Vulnerabilities

This cheesy vulnerable web application is there for you to do whatever you wish with it, in terms of attacks and exploitation. It is specially designed to leave some loopholes for practice purposes. As soon as you find a vulnerability in the application, please post in the Q/A section to show off. Yep, we need you to do that.

Assignment - Cheese app test bed

Thanking note
About the Instructor
Igneus Technologies
4.3 Average rating
2,961 Reviews
77,320 Students
35 Courses
Best Comprehensive Courses

We at Igneus have trained students from IITs, NITs and reputed companies. Students from 10+ countries all over the globe have trusted our high-quality and affordable trainings and have opted for our certification programs.

IGNEUS stands for the revolutionary, quality-enhanced change that we've tried to bring to the modern world of Internet education. We've come up bearing in mind the maximum emphasis on quality in dealing with every new technology, which has distinguished us from the throng on the internet. And this revolution of choice will keep continuing. Today IGNEUS Technologies proudly carries the tag of being the world's most trusted provider of a myriad of services and training programs, aiding constantly in every corner of the globe, along with web security aspects and open source technology.

IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make society upgraded and aware of the cyber crimes that curb the innocence of the environment, thus starting a revolution in favor of cyber security.

Igneus stands for revolutionary, quality-enhanced change in every aspect of its touch on the internet. Quality in dealing with every new technology makes us different from the crowd on the internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of the mentioned services and training, along with web security aspects and open source technology.