YoVDO

Practical Bug Bounty - Web Application Security and Penetration Testing

Offered By: Cyber Mentor via YouTube

Tags

Bug Bounty Courses, Penetration Testing Courses, Burp Suite Courses, Web Application Security Courses, Subdomain Enumeration Courses

Course Description

Overview

Dive into a comprehensive 4-hour 46-minute video course on practical bug bounty hunting. Learn essential web application security concepts, including authentication attacks, authorization vulnerabilities, and file inclusion exploits. Explore the differences between bug bounty hunting and penetration testing, understand scoping and ethics, and gain hands-on experience with tools like Burp Suite. Master techniques for fingerprinting web technologies, directory enumeration, and subdomain discovery. Complete practical challenges and walkthroughs to reinforce your skills in identifying and exploiting common web vulnerabilities.

Syllabus

- Intro
- Keeper Security Sponsorship
- Course Introduction
- Importance of Web App Security
- Web App Security Standards and Best Practices
- Bug Bounty Hunting vs Penetration Testing
- Phases of a Web App Pentest
- CryptoCat Introduction
- Understanding Scope, Ethics, Code of Conduct, etc.
- Common Scoping Mistakes
- Installing VMware / VirtualBox
- Installing Linux
- Lab Installation
- Web Technologies
- HTTP & DNS
- Fingerprinting Web Technologies
- Directory Enumeration and Brute Forcing
- Subdomain Enumeration
- Burp Suite Overview
- Introduction to Authentication
- Brute-force Attacks
- Attacking MFA
- Authentication Challenge Walkthrough
- Intro to Authorization
- IDOR - Insecure Direct Object Reference
- Introduction to APIs
- Broken Access Control
- Testing with Autorize
- Introduction to LFI/RFI
- Local File Inclusion Attacks
- Remote File Inclusion Attacks
- File Inclusion Challenge Walkthrough
- Conclusion


Taught by

The Cyber Mentor

Related Courses

- Introduction to OWASP Top 10 Security Risks (A Cloud Guru)
- AWS SimuLearn: Cyber Security Threats (Amazon Web Services via AWS Skill Builder)
- AWS SimuLearn: Edge Protection (Amazon Web Services via AWS Skill Builder)
- Cloud Security Scanner: Qwik Start (Google via Google Cloud Skills Boost)
- OWASP Top 10: Broken Access Control (Codecademy)