Course Content
1.Understanding Web Security Basics
You don't currently have access to this content
1 Topic
1.1-Understanding the Web and Its Security Foundations
You don't currently have access to this content
2.Hands-on Web Security Fundamentals
You don't currently have access to this content
1 Topic
2.1-Authentication, Error Handling & Input Security
You don't currently have access to this content
3.Bug Bounty Reporting & Earning Rewards
You don't currently have access to this content
1 Topic
3.1-Bug Bounty Blueprint: From Starting Out to Going Private
You don't currently have access to this content
4.Reconnaissance & Information Gathering
You don't currently have access to this content
5 Topics
4.1-Passive Recon (Different ways to gather information)
You don't currently have access to this content
4.2-Active Recon (Different ways to gather information)
You don't currently have access to this content
4.3-Subdomain Enumeration (Why subdomains matter and how to find them)
You don't currently have access to this content
4.4-Burp Suite Basics (A must-have tool for bug hunters)
You don't currently have access to this content
4.5-Google Dorking (Using Google to find hidden vulnerabilities)
You don't currently have access to this content
5.Web Application Vulnerabilities
You don't currently have access to this content
16 Topics
5.1-Missing SPF Records (Email security issues)
You don't currently have access to this content
5.2-Admin Panel Disclosure (How admin panels get exposed)
You don't currently have access to this content
5.3-Username Enumeration (Finding valid usernames for potential attacks)
You don't currently have access to this content
5.4-Server Version Disclosure (Why knowing server versions can help attackers)
You don't currently have access to this content
5.5-Unencrypted Passwords (Risks of storing passwords in plaintext)
You don't currently have access to this content
5.6-Stored (Cross-site scripting attacks and their impact)
You don't currently have access to this content
5.7-Reflected XSS (Cross-site scripting attacks and their impact)
You don't currently have access to this content
5.8-SQL Injection (Error-based attacks)
You don't currently have access to this content
5.9-SQL Injection (Blind Boolean-based attacks
You don't currently have access to this content
5.10-Open Redirection (How attackers can redirect users to malicious sites)
You don't currently have access to this content
5.11-Open Directory Listing (Why exposed directories are a security risk)
You don't currently have access to this content
5.12-Clickjacking (Tricking users into clicking on something they didn’t intend to)
You don't currently have access to this content
5.13-Missing Security Headers (Small misconfigurations that can lead to big problems)
You don't currently have access to this content
5.14-No Rate Limit Vulnerabilities (Exploiting APIs and login forms that don’t limit requests)
You don't currently have access to this content
5.15-Session Hijacking (Taking over user sessions)
You don't currently have access to this content
5.16-IDOR (Insecure Direct Object Reference – accessing unauthorized data)
You don't currently have access to this content
6.Web Vulnerability Chaining
You don't currently have access to this content
1 Topic
6.1-How different vulnerabilities can be combined for a bigger impact
You don't currently have access to this content
7.API Security Basics
You don't currently have access to this content
6 Topics
7.1-Introduction to APIs
You don't currently have access to this content
7.2-Types of API
You don't currently have access to this content
7.3-REST & GraphQL – what they are and how they work)
You don't currently have access to this content
7.4-API Authentication
You don't currently have access to this content
7.5-API Authentication Methods
You don't currently have access to this content
7.6-API testing Methodology
You don't currently have access to this content
8.API Vulnerabilities
You don't currently have access to this content
4 Topics
8.1-Regex DoS (Denial of Service via poorly written regex patterns)
You don't currently have access to this content
8.2-Security Header Misconfigurations (Common issues and how they can be exploited)
You don't currently have access to this content
8.3-Mass Assignment (How improper input handling can expose sensitive data)
You don't currently have access to this content
8.4-Billion Laughs Attack (An XML-based DoS attack)
You don't currently have access to this content
9.Mobile & Cloud Security Essentials
You don't currently have access to this content
4 Topics
9.1-Mobile App Security Basics (Exposed API keys, APK decompilation, and common risks)
You don't currently have access to this content
9.2-Cloud Misconfigurations (Open S3 buckets, Azure Blob Storage, and data leaks)
You don't currently have access to this content
9.3-Azure block storage
You don't currently have access to this content
9.4-Weak Data base name and mitigations
You don't currently have access to this content
Final Quiz
Bug Hunting Essentials Quiz
You don't currently have access to this content