NextGen Bug Bounty Hunter 

Who should attend?

Anyone who is interested in securing web applications, and those who want to hunt real-world bugs, can join this course.

Fundamentals of Bug Bounty
  • Bug bounty methodologies
  • Types of bug bounty hunting
  • Platforms to hunt bugs
  • Traditional WAPT vs Bug Bounty
  • Intelligence gathering & enumeration
  • Burp Suite essentials
Bug Bounty Kung-fu
  • Various injection flaws (error-based, union-based, boolean blind, double query, update query, load file, out file, second-order injection, time-based, LDAP injection, NoSQL, etc.)
  • Server-side attacks (SSI, command, code, SSRF, etc.)
  • Authentication & session flaws
  • Sensitive data exposure
  • Access control flaws
  • File & resource attacks
  • Security misconfiguration & improper error handling
  • Cross-site scripting deep dive
  • Bypassing blacklisting & whitelisting
  • Cross-site request forgery attacks
  • Business logic flaws
Next Gen bug hunting attacks
  • Ajax, JSON, jQuery attacks
  • Web Services Enumeration
  • XML-based attacks
  • HTML5 insecurities
  • Pen testing activities against CMS
  • JWT token flaws
  • OAuth insecurities
  • Hibernate query injection
  • CSV injection
  • Server-side JS attack
  • Rate limit violation flaws
  • Deserialization flaws
  • DoS attack
Countermeasures
Bug Bounty Report Writing