Web Security & Bug Bounty: Learn Penetration Testing in 2021

August 19, 2021 Courses
Web Security & Bug Bounty: Learn Penetration Testing in 2021

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 10.5 Hours | 5.24 GB

Start a career or earn a side income by becoming a Bug Bounty Hunter. No experience needed. Hack websites, fix vulnerabilities, improve web security and much more. You’ll learn penetration testing from scratch and master the most modern pentesting tools & best practices for 2021!

What you’ll learn

  • Learn Penetration Testing from scratch to become a bug bounty hunter and web security expert
  • Setting Up Your Hacking Lab: Kali Linux and Virtual Machines (Works with Windows/Mac/Linux)
  • Learn How To Hack & Attack Systems With Known Vulnerabilities
  • Bug Hunter and the Burpsuite Tool
  • Command Injection/Execution
  • Bruteforce Attacks
  • Security Misconfiguration
  • SQL Injection
  • Logging & Monitoring Best Practices
  • Networking Fundamentals
  • Discover, exploit, and mitigate all types of web vulnerabilities. Secure any of your future applications using best practices
  • How to make money from bug bounty hunting and make a career of it
  • Website Enumeration & Information Gathering
  • HTML Injections
  • Broken Authentication
  • Broken Access Control
  • Cross Site Scripting – XSS
  • XML, XPath Injection, XXE
  • Web Fundamentals
  • Linux Terminal Fundamentals

This pentesting / bug bounty course will cover:
1. Introduction To Bug Bounty:

In this section, we answer “What is a Bug Bounty?” and “What is Penetration Testing?”. We’ll also explore the career path of a Pen Tester.

2. Our Virtual Lab Setup:

  • Create your virtual lab that we will use throughout the course (Kali Linux machine).
  • Install a vulnerable virtual machine (“VM”) called OWASPBWA that we will attack.
  • Create an account on the TryHackMe Cyber Security training platform.
  • With almost every vulnerability, we will cover an example on TryHackMe and also on our vulnerable VM.
  • From here you will choose one of two different paths depending on the knowledge that you already have.

3. Website Enumeration & Information Gathering:

This is where we start with the practical Bug Bounty/ Website Penetration Testing. We cover numerous tactics and tools that allow us to gather as much information about a certain website. For this, we use different tools like Dirb, Nikto, Nmap. We also use google hacking which is a useful skill to have once tools are not available.

4. Introduction To Burpsuite:

This is a very important tool for a Bug Hunter. Pretty much every Bug Hunter out there knows about this tool (and probably uses it). It has many different features that make hunting for bugs easier. Some of those features are crawling the webpage, intercepting and changing HTTP requests, brute-force attacks and more.

5. HTML Injection:

This is our first bug. It’s also one of the easiest so we start with it. HTML injection is essentially just finding a vulnerable input on the webpage that allows HTML code to be injected. That code is later rendered out on the page as real HTML.

6. Command Injection/Execution:

Our first dangerous bug. Injecting commands is possible when the server runs our input through its system unfiltered. This could be something like a webpage that allows us to ping other websites but doesn’t check whether we inputted a different command other than the IP address that it needs. This allows us to run commands on the system, compromise the system through a reverse shell and compromise accounts on that system (and all the data).

7. Broken Authentication:

This is another vulnerability that occurs on websites. It essentially refers to weakness in 2 areas session management and credential management. It allows the attacker to impersonate legitimate users online. We show different examples through cookie values, HTTP requests, Forgot password page etc.

8. Bruteforce Attacks:

This can be a problem even if the website is secure. If the client has an easy and simple password set, it will also be easy to guess. We cover different tools used to send lots of passwords on the webpage to break into an account.

9. Sensitive Data Exposure:

This isn’t a vulnerability in the system. Instead it’s when developers forget to remove important information during production that can be used to perform an attack. We cover an example where a developer forgets to remove the entire database from being accessible to regular users.

10. Broken Access Control:

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user. Here we cover a vulnerability called Insecure direct object reference. A simple example would be an application that has user IDs in the URL. If it doesn’t properly store and manage those IDs an attacker could potentially change the ID and access the information of another user.

11. Security Misconfiguration:

We’ve added this as a separate section. However, all the previous vulnerabilities also belong to it. Here we show an example of a vulnerability where the admins of websites haven’t changed the default credentials for a certain application that runs on their server.

12. Cross Site Scripting – XSS:

This is a big vulnerability and is very common in many websites out there. This vulnerability allows us to execute Javascript code on the webpage. This is due to user input not being well filtered and processing the input as javascript code. There are 3 main types of XSS which are Stored, Reflected and DOM based XSS. We cover these 3 plus some unusual ones.

13. SQL Injection:

Another big vulnerability out there and a really dangerous one. Many websites communicate with the Database, whether it being a database that stores product information or user information. If the communication between the user and the database is not filtered and checked, it could allow the attacker to send an SQL query and communicate with the database itself, allowing them to extract the entire database or even delete it. There are a couple of types of SQL injection such as Error based or Blind SQL injection.

14. XML, XPath Injection, XXE:

XXE or XML External Entity is a vulnerability that allows an attacker to interfere with a website that processes XML data. It could allow the attacker to run a reverse shell or read files on the target system making it another severe vulnerability.

15. Components With Known Vulnerabilities:

Even if the website might not be vulnerable, the server might be running some other components/applications that have a known vulnerability that hasn’t been patched yet. This could allow us to perform various types of attacks depending on what that vulnerability is.

16. Insufficient Logging And Monitoring:

Logging and monitoring should always be done from a security standpoint. Logging allows us to keep track of all the requests and information that goes through our application. This can help us determine whether a certain attack is taking place or if the attack already happened, it allows us to examine it a little deeper, see which attack it was, and then apply that knowledge to change the application so that the same attack doesn’t happen again.

17. Monetizing Bug Bounty Hunting:

After practicing and covering all the vulnerabilities, we’ll show you how you can make money from your new knowledge and skills. We give you different platforms that can be used to start your career as a bug hunter and use one platform as an example to show how a bug bounty program works and what to pay attention to when applying.

18. Bonus – Web Developer Fundamentals:

This section is for anyone that doesn’t have basic knowledge in Web Development or doesn’t know exactly how websites work and are structured.

19. Bonus – Linux Terminal:

This section is for anyone that doesn’t have basic knowledge of using the linux terminal. This is important as we will be using it throughout the course.

20. Bonus – Networking:

Fundamentals of networking and some basic terms to know as Penetration Testers and Bug Bounty hunters.

Table of Contents

Introduction To Bug Bounty
1 Course Outline
2 Join Our Online Classroom!
3 Exercise Meet The Community
4 What is Penetration Testing
5 What is Bug Bounty
6 Course Resources + Guide

Our Virtual Lab Setup
7 Virtual Box, Kali Linux Download
8 Important – New Kali Linux Categories
9 Kali Linux Installation
10 OWASPBWA Installation
11 Creating TryHackMe Account
12 Paths

Website Enumeration & Information Gathering
13 Website Enumeration – Theory
14 Google Dorks
15 Ping, Host, Nslookup
16 Whatweb
17 Dirb
18 Nmap
19 Nikto

Introduction To Burpsuite
20 Burpsuite Configuration
21 Burpsuite Intercept
22 Burpsuite Repeater
23 Burpsuite Intruder

HTML Injection
24 HTML Injection – Theory
25 HTML Injection 1 on TryHackMe
26 HTML Injection 2 – Injecting User-Agent Header
27 Injecting Cookie Field and Redirecting The Page
28 Advance Example of HTML Injection

Command Injection Execution
29 Command Injection Theory
30 Command Injection On TryHackMe and Blind Command Injection
31 Solving Challenges With Command Injection
32 Running PHP Reverse Shell With Command Execution Vulnerability
33 Bypassing Input Filter And Executing Command

Broken Authentication
34 Broken Authentication Theory
35 Broken Authentication On TryHackMe
36 Broken Authentication Via Cookie
37 Basic Authorization in HTTP Request
38 Forgot Password Challenge
39 Session Fixation Challenge

Bruteforce Attacks
40 Cluster Bomb Bruteforce
41 Hydra Bwapp Form Bruteforce
42 Hydra Post Request Form Bruteforce
43 Bonus – Hydra SSH Attack

Sensitive Data Exposure
44 Sensitive Data Exposure Example

Broken Access Control
45 Broken Access Control – Theory
46 Accessing passwd With BAC
47 Ticket Price IDOR

Security Misconfiguration
48 Security Misconfiguration – Default App Credentials

Cross Site Scripting – XSS
49 XSS Theory
50 Changing Page Content With XSS
51 Bypassing Simple Filter
52 Downloading a File With XSS Vulnerability
53 DOM XSS Password Generator
54 JSON XSS
55 Old Vulnerable Real Applications

SQL Injection
56 SQL Injection Theory
57 Guide To Exploiting SQL Injection
58 Getting Entire Database
59 Extracting Passwords From Database
60 Bypassing Filter In SQL Query
61 Blind SQL Injection

XML, XPath Injection, XXE
62 XPath Injection
63 XPath Injection 2
64 XXE

Components With Known Vulnerabilities
65 Components With Known Vulnerabilities Example

Insufficient Logging And Monitoring
66 Insufficient Logging And Monitoring Example

Monetizing Bug Hunting
67 Whats Next & How To Earn Money By Finding Vulnerabilities
68 Unique and Interesting Bugs Discovered

Bonus – Web Developer Fundamentals
69 Browsing the Web
70 Breaking Google
71 The Internet Backbone
72 Traceroute
73 HTML, CSS, Javascript
74 Build Your First Website
75 HTML Tags
76 Your First CSS
77 What Is Javascript
78 Your First Javascript
79 Javascript On Our Webpage
80 HTTP HTTPS
81 Introduction To Databases
82 SQL Create Table
83 SQL Insert Into + Select
84 What is PHP

Bonus – Linux Terminal
85 Linux 1 – ls, cd, pwd, touch
86 Linux 2 – sudo, nano, clear
87 Linux 3 – ifconfig, nslookup, host

Bonus – Networking
88 Networking Cheatsheet

Where To Go From Here
89 Thank You
90 Become An Alumni
91 Endorsements On LinkedIN
92 Learning Guideline

Homepage

Resolve the captcha to access the links!