COURSE
CONTENTS
1 INTRODUCTION
1.1 What is a Bug Bounty Program?
1.2 Popular Bug Bounty Platforms
1.3 Bugcrowd (Demo)
1.4 HackerOne (Demo)
1.5 Benefits of Bug Bounty
2 SETTING UP A LAB
2.1 Installation of VirtualBox
2.2 Installing Kali Linux
2.3 Installing Metasploitable
2.4 Installing Windows
3 INFORMATION GATHERING
3.1 What is Whois Information
3.2 Info. gathering about People & Organisation
3.3 Subdomain info. gathering
3.4 Gathering Information about Websites
3.5 Google dorking & Github Dorking
@Cyber_security_mumbai
4 BURP-SUITE
4.1 Overview of BURP-SUITE
4.2 Steps to Configure (Demo)
4.3 Practical on BURP-SUITE
4.4 Web hacking using Burp suite
5 SQL INJECTION
5.1 Writing Basic SQL Query
5.2 SQLi Introduction & Impact
5.3 Union Based SQLi (Demo)
5.4 Boolean Based SQLi
5.5 Time Based SQLi
6 WEB APPLICATION ATTACKS
6.1 Validation Bypass (Client & Server)
6.2 Rate Limiting Flaw
6.3 File Upload Vulnerability
6.4 Practical on web application attacks
7 CROSS SITE SCRIPTING (XSS)
7.1 Overview of XSS
7.2 Types of XSS
7.3 Practical on XSS
8 HOST HEADER INJECTION METHODS
8.1 What is Host header Injection
8.2 Methods of Host header injection
8.3 Practical on Host header Injection
8.4 HTML Injection
8.5 Cookie without missing HTTP flag
9 CROSS SITE REQUEST FORGERY [CSRF]
9.1 Overview of CSRF attack
9.2 Impact of a CSRF attack
9.3 Practical on CSRF attack
10 CLIENT SIDE ATTACKS
10.1 Understanding Session, Cookies & Session Fixation
10.2 Cross Site Request Forgery Introduction
10.3 Cookie without missing HTTP flag
10.4 HTTP vs HTTPS vulnerability
10.5 Sensitive Information Disclosure
11 FILE INCLUSION ATTACK
11.1 Local File Inclusion
11.2 Remote File Inclusion
11.3 Critical file vulnerability
11.4 Practical on File inclusion attack
12 PASSWORD CRACKING
12.1 Password cracking techniques
12.2 Brute-force Vs Dictionary attack
12.3 Practical on password cracking
13 PASSWORD RESET VULNERABILITY
13.1 How does a password reset work?
13.2 Practical on Password reset vulnerability
13.3 Password reset link not expired
14 SERVER SIDE REQUEST FORGERY [SSRF]
14.1 Overview of Server side request forgery
14.2 Impact of SSRF attacks
14.3 Practical on Server side request forgery
15 HTTP REQUEST SMUGGLING
15.1 Finding HTTP request smuggling vulnerabilities
15.2 Advanced request smuggling
15.3 Practical on HTTP request smuggling
16 CLICK-JACKING
16.1 What is Click-jacking?
16.2 Prevent click-jacking attacks
16.3 Practical of Click-jacking
17 DOCUMENTATION & REPORT WRITING
17.1 Find vulnerabilities and write a vulnerability report for bug bounty
17.2 Writing VAPT reports.
17.3 Resume preparation
17.4 Interview preparation
TRAINING INCLUDES :
Live sessions daily 1-2 hours
Hands-on practical of bug bounty
Recorded lectures for revision
MCQ test on weekends
Certification of course completion
TRAINING OUTCOMES :
You will be able to find bugs & vulnerabilities
Can work on Bug bounty programs
Can crack cyber security job interviews