Bug Bounty Hunting - Offensive Approach to Hunt Bugs. This course will cover most of the vulnerabilities of OWASP TOP 10 & Web Application Penetration Testing. You will start as a beginner with no hands-on experience on bug bounty hunting and Penetration testing, after this course you will emerge as stealth Bug Bounty Hunter.
Why learn Bug Bounty Hunting?
Hall of Fame
Rewards & Appreciation
Cyber Security
Web Application Penetration Testing
Duration
40 hours - 2 classes per week
Eligibility
Anyone who wants to take part in too big bounty sites and earn money
Course Fees
Class Room Training
Rs.30,000/-
Inclusive of all taxes
Online Training
Rs.40,000/-
Rs.30,000/-
Inclusive of all taxes
What You Will Get?
40 Hours
of in depth training by the best bug bounty hunter
Study Materials
Bug Bounty Hunting
Certificate of Completion after examination and alumni status
Course Details
- The duration of the course is 40 hours at 2 classes per week
- The course fee is Rs.30,000/- for classroom and Rs.40,000/- Rs.30,000/- for online
- The curriculum is taught combining theory and practical
- Introduction (Day 1)
- Introduction Burpsuit (Day 1)
- Information Gathering (Day 1)
- XSS (Day 2)
- Blind XSS (Day 2)
- Host header Injection (Day 3)
- Data Tampering (Day 3)
- Vulnerability Related to SPF (Day 4)
- HTML Injection (Day 4)
- File Inclusion (Day 5)
- Forced Browsing (Day 5)
- Server Side Request Forgery (SSRF) (Day 6)
- Source Code Disclosure Vunerability (Day 7)
- SQL Injection (Day 8)
- Advance SQL Injection (Day 8)
- Advance SQL Injection (Day 9)
- Cross Site Request Forgery (CSRF) (Day 10)
- XML External (Day 11)
- Rate Limiting Attack (Day 11)
- Long Password Dos attack (Day 12)
- Buffer overflow (Day 12)
- IDOR (Day 13)
- Account Takeover (Day 13)
- CMS Vulnerability (Day 14)
- Drupal (Day 14)
- Information Disclosure (Day 15)
- Cryptographic related vulnerability (Day 15)
- Command Injection (Day 16)
- Different types of RCE (Remote Code Execution) (Day 16)
- Web cache deception (Day 17)
- SSTI (Server-Side Template Injection) (Day 18)
- DNS Zone transfer (Day 19)
- Session Puzzling (Day 19)
- HSTS (HTTP Strict Transport Security) (Day 20)
- GraphSQL (Day 20)
Hacking Tutorials
Read All Tutorials »
Building a career in Digital Forensic - How promising is the future? A thorough career guide
Read Details »Hacking Videos
Explore All Videos »How to Hiding Your Secret File using Steganography?
View On Youtube »Enroll Now
Fields marked with * are mandatory.
21 years of experience working in India, New Zealand & Singapore; in Information Security domain as Ethical Hacker, ISO 27001 Lead Auditor / Tutor, BS 10012 Privacy Lead Auditor, Mr. Sandeep Sengupta has conducted security audit in companies like ONGC, KPMG, PWC, Airtel, Vodafone, Accenture, Capgemini, Vedanta, PayU, Bandhan Bank, ABP, etc.
He has been invited as a speaker at FICCI, VIT (Vellore), Nasscom, CII, BCCI, ICAI, ISACA, FICCI, CeBIT, US High Commission (Kolkata), etc. He has taken part in several Television shows on ABP, ETV, NDTV, AajTak, Times Now, etc. In 2005, Sandeep founded the online community "Hackers Library"; which had 80,000+ members, making it the largest Indian online forum for cyber-security professionals at its time. Mr. Sengupta is the committee member at Nasscom (East) & CII ICT-East.
A Penetration Tester with 6 years of experience, Kirit has the expertise in Mobile Application Pentesting Network, IoT Penetration Testing, Source-code review, Fuzzing, Red teaming, Social Engineering, Digital Forensic and Incident Response, Dev(Sec)Ops, Malware Analysis as well as SOC analysis. He has been acknowledged for reporting critical vulnerabilities to Uber, Apple, Flipkart, and MIT. Mr. Kirit Sankar Gupta is the member of Data Security Council of India (Kolkata).
Mr. Saumitra Biswas is M.Tech in computer science from Netaji Subhash Engineering College, GATE qualified in computer science and a MSC in statistics from Kalyani University. He has 20 years of experience. His technical interests include Machine Learning, Neural Networks, Genetic Algorithms and Object Oriented Programming. He is skilled in C, C++, C#, Dotnet, Java, Python, Matlab, Unix, MS Windows XP, Windows 7, My SQL, Oracle, MS Access, HTML, XML, CSS and PHP. He take classes on AI & ML in ISOAH, as well as act as mentors to interns & project trainees.
After completion of her Master degree, she has worked with ISOAH as an intern for few years before joining full time as security analyst. She has been involved in internal audit, policy design, ISMS consultancy for more than 2 years. She is well versed in Kali Linux, Nmap, Metasploit, ITGC, ISO 27001 & COBIT framework. ISOAH clients she has provided active consultancy are CESC, Diadem, Lexplosion, Diamond Beverages, etc. As part of her hobby, she has been a professional model in her free time.
Ratings & Reviews
Course: Bug Bounty Hunting
The course is great in terms of practical knowledge it provides to actually hunt bugs on live websites, never heard those techniques before, very beneficial course for those who are stepping into the field of bug hunting. Nice course that covers all the basic aspects of web application penetration testing and the most common techniques for Bug Bounty Programs.
FAQs
- History of Bug bounties
- Difference between Penetration Test and Bug Bounties
- How a Pentester turns into a bug bounty hunter?
- Platforms, ways to participate
- Bug Hunter Methodology Android
- Bug Hunter Methodology Web
- The tricks and tips
- Practicals of approaching a target
- Creating the best possible of the scope
- Where to look and what to look for
- XSS, CSRF, SQLi, IDOR…
- How much important is the report?
- Best tools to use
- Bug Hunter Methodology IOS
- Let's do it right now…
- Legal issues and being safe
- Best of the submissions - Hackerone
- How to Learn and improvise
The duration of the course is 40 hours at 2 classes per week.
The course is administered in theory as well as practical.
Anyone who wants to take part in too big bounty sites and earn money.
Member of:
