Course Information
Course Overview
Bug Bounty Hunting from Zero to Hero. Become a successful Web Application Bug Bounty Hunter
Welcome to the ultimate Web Application Bug Bounty Hunting course.
Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certifications, including CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs, where he has found thousands of critical and high-severity vulnerabilities.
In this course Martin walks students through a step-by-step methodology for uncovering web vulnerabilities. Each theoretical lecture is complemented with the relevant free practical Burp labs to reinforce the knowledge. Martin does not just insert the payload; he explains each step of finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to become a professional Web Application Bug Bounty Hunter.
Course outline:
1. Cross-site scripting (XSS) – Theory and Labs
2. Cross-site request forgery (CSRF) – Theory and Labs
3. Open Redirect – Theory and Labs
4. Bypassing Access Control – Theory and Labs
5. Server-side request forgery (SSRF) – Theory and Labs
6. SQL injection – Theory and Labs
7. OS command injection – Theory and Labs
8. Insecure Direct Object References (IDOR) – Theory and Labs
9. XML external entity (XXE) injection – Theory and Labs
10. API Testing – Theory and Labs
11. File upload vulnerabilities – Theory and Labs
12. JavaScript analysis – Theory and Labs
13. Cross-origin resource sharing (CORS) – Theory and Labs
14. Business logic vulnerabilities – Theory and Labs
15. Registration flaws
16. Login flaws
17. Password reset flaws
18. Updating account flaws
19. Developer tool flaws
20. Analysis of core application
21. Payment feature flaws
22. Premium feature flaws
23. Directory Traversal – Theory and Labs
24. Methodology to find most bugs
25. Portswigger Mystery Labs (finding bugs on applications without hints)
26. AI Automation
Notes & Disclaimer
Portswigger labs are a free public service from Portswigger that anyone can use to sharpen their skills. All you need is to sign up for a free account. I will respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don’t feel frustrated if you don’t find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.
Course Content
- 27 section(s)
- 183 lecture(s)
- Section 1 Introduction
- Section 2 Cross-site scripting (XSS)
- Section 3 Cross-site request forgery (CSRF)
- Section 4 Open Redirect
- Section 5 Bypassing Access Control
- Section 6 Server-side request forgery (SSRF)
- Section 7 SQL injection
- Section 8 OS command injection
- Section 9 Insecure Direct Object References (IDOR)
- Section 10 XML external entity (XXE) injection
- Section 11 API Testing
- Section 12 File upload vulnerabilities
- Section 13 JavaScript analysis
- Section 14 Cross-origin resource sharing (CORS)
- Section 15 Business logic vulnerabilities
- Section 16 Registration flaws
- Section 17 Login flaws
- Section 18 Password reset flaws
- Section 19 Updating account flaws
- Section 20 Developer tools flaws
- Section 21 Analysis of the core application
- Section 22 Payment feature flaws
- Section 23 Premium feature flaws
- Section 24 Directory Traversal
- Section 25 Methodology to find most bugs
- Section 26 Mystery Labs
- Section 27 AI Automation
What You’ll Learn
- Web application vulnerabilities
- Web application penetration testing
- Become a web app bug bounty hunter
- 100+ ethical hacking & security videos
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Open Redirect
- Bypassing Access Control
- Server-side request forgery (SSRF)
- SQL injection
- OS command injection
- Insecure Direct Object References (IDOR)
- XML external entity (XXE) injection
- API Testing
- File upload vulnerabilities
- JavaScript analysis
- Cross-origin resource sharing (CORS)
- Business logic vulnerabilities
- Registration flaws
- Login flaws
- Password reset flaws
- Updating account flaws
- Developer tools flaws
- Analysis of core application
- Payment feature flaws
- Premium feature flaws
- Directory Traversal
- Bug Hunting Methodology
- Portswigger Mystery Labs
Reviews
- Irohitmistry
It's amazing.
- Mangesh Patil
Best Course on Bug Bounty
- Hichem Hamadou
Excellent course!
- Joseph White
I've taken Courses on Burp Suite Labs from Martin Voelk and he does an outstanding job with these videos, structure, and directly speaking to the detail that is needed to fully understand. If someone is complaining about terms or technical items that they don't understand - then they are not ready to tackle this specific tasking. A true learner will identify their knowledge gaps - go fill them - and come back to these courses. Using Voelk's courses got me over many hurdles in pen testing and most recently the PNPT exam. I HIGHLY recommend his courses. I'm only concentrating on Web App/Bug Bounty from now on - I need this course to refresh and zone in to methodology. Listen and learn - if you don't understand - go to THM and take their cert courses - & then come back. These are the best courses on Udemy!
I've taken Courses on Burp Suite Labs from Martin Voelk and he does an outstanding job with these videos, structure, and directly speaking to the detail that is needed to fully understand. If someone is complaining about terms or technical items that they don't understand - then they are not ready to tackle this specific tasking. A true learner will identify their knowledge gaps - go fill them - and come back to these courses. Using Voelk's courses got me over many hurdles in pen testing and most recent the PNPT exam. I HIGHLY recommend his courses. I'm only concentrating on Web App/Bug Bounty from now on - I need this course to refresh and zone in to methodology. Listen and learn - if don't understand - got o THM and take their cert courses - & then come back. These are the best courses on Udemy!