img
img

Course Details!

Details

  1. Home
  2. Details

Bug Bounty & Mastering Web Attacks with Full-Stack Exploitation
0.0

Description

Students will be handed in a VMware image with a specially prepared testing environment to play with the bugs.
What’s more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.
To get the most of this training intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.

Hardware - Software Requirements
a laptop with 64-bit operating system
at least 4 GB RAM (8 GB preferred)
35 GB free hard drive space
USB port (2.0 or 3.0)
wireless network adapter
administrative access
ability to turn off AV
firewall and VMware Player
Fusion installed (64-bit version).

What Will I Learn?

  • Students will be handed in a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.

Certificates

  • *Certificate of Attendance from IT-Gate Academy

Getting Familiar with Burp Suite

  • Start Configuring Burp Suite with Browser
  • Start Target, Proxy and Spider Tabs of Burp Suite
  • Start Scanner, Intruder and Repeater Tabs of Burp Suite
  • StartWrapping up Burp Suite

Reconnaissance

  • Start Getting the Juicy Information from the Headers
  • Start Information Gathering using google Dorks
  • Start Google Dorks
  • Start Analyzing Files on Website for Juicy Endpoints
  • Start Downloading the Source of a Website
  • Start The Dirbuster
  • Start Gathering Information using WhatWeb
  • Start Enemurating Subdomains
  • Start Using the Harvester for finding Public Info
  • Start The Way Back Machine
  • Start Vhost Discovery

Using Nmap for Information Gathering Purposes

  • Start Getting Familiar with Nmap
  • Start Different Type of Nmap scans
  • Start Nmap scans
  • Start Banner Grabbing

Server Managing and Following SDLC

  • Build AWS Environment for Penetration Testing
  • Build Your Own Recon Tools
  • Cloud Object Storage Attacks
  • Shared Servers and dedicated servers
  • Use a Recon Frameworks for Low-Hanging Fruits
  • Build Your Own Vulnerable Website by using PHP and MySQL and WordPress CMS

OWASP Top 10 Vulnerabilities and Advanced Techniques (Exploit from Zero to Hero)

  • Broken Access Control
  • Cryptographic Failures
  • Injection (SQLi, NoSQL, XML)
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

OWASP Top 10 Vulnerabilities Mitigation

  • Following SSDLC Techniques
  • Code Review by Manual and Automation Tools

Technical Side and Review

  • Write a Professional Security Report
  • Write a Professional Bug Bounty Report
  • Join a PTass Platform (Penetration Testing as a Services)
  • Join a Bug Bounty Platform (Bug Crowd, Hacker One, Synack)
  • Capture The Flag Competition

Comments