Intro to Bug Bounty Hunting and Web Application Hacking

Welcome to Intro to Bug Bounty Hunting and Web Application Hacking, your introductory course into practical bug bounty hunting.

Learn ethical hacking principles with your guide and instructor Ben Sadeghipour (@NahamSec).

During the day, Ben works as the head of Hacker Education at HackerOne. During his free time, Ben produces content on Twitch and YouTube for other hackers, bug bounty hunters, and security researchers.

This course serves as a comprehensive guide and answers the number one question he receives, "how do I get started?"

• Intro to Bug Hunting - Course Overview 01:11

  • 1: 01. Intro Preview 01:11

• HTTP Basics 10:08

  • 2: HTTP Basics Slides Preview 03:03
  • 3: HTTP Basics Lab 07:05

• Open Redirect 05:36

  • 4: Open Redirect - Slides 02:23
  • 5: Open Redirect - Lab 03:13

• Cross-site Scripting (XSS) 22:11

  • 6: XSS - Slides 07:21
  • 7: XSS - Lab 1 02:32
  • 8: XSS - Lab 2 Preview 03:34
  • 9: XSS - Lab 3 02:30
  • 10: XSS - Lab 4 04:38
  • 11: XSS - Recap 01:36

• Cross-site Request Forgery (CSRF) 06:17

  • 12: CSRF - Slides 04:49
  • 13: CSRF - Recap 01:28

• Insecure Direct Object Reference (IDOR) 07:32

  • 14: IDOR - Slides 04:14
  • 15: IDOR - Lab Preview 01:48
  • 16: IDOR - Recap 01:30

• Local File Disclosure (LFD) 10:15

  • 17: LFD - Slides 06:42
  • 18: LFD - Lab 02:14
  • 19: LFD - Recap 01:19

• SQL Injection 37:43

  • 20: Error Based SQL Injection - Slides 07:42
  • 21: Blind SQL Injection - Slides 06:16
  • 22: SQL Injection - Lab 1 - Error Based SQL Injection 07:10
  • 23: SQL Injection - Lab 2 - Blind 10:06
  • 24: SQL Injection - Lab 3 - SQL Map Demo 04:04
  • 25: SQL Injection Recap 02:25

• Server Side Request Forgery (SSRF) 28:26

  • 26: SSRF - Slides 08:33
  • 27: SSRF - Lab 1 - Netcat 03:43
  • 28: SSRF - Lab 2 - Burp Collaborator 03:24
  • 29: SSRF - Lab 3 - Whitelisting 03:01
  • 30: SSRF - Lab 4 - Blind SSRF 03:51
  • 31: SSRF - Lab 5 - Blacklisting 04:22
  • 32: SSRF - Recap 01:32

• XML External Entity (XXE) 15:03

  • 33: XXE - Slides 05:30
  • 34: XXE - Lab 1 04:17
  • 35: XXE - Lab 2 03:43
  • 36: XXE - Recap 01:33

• Remote Command Execution (RCE) 12:28

  • 37: RCE - Slides 05:01
  • 38: RCE - Lab 1 - Command Injection 01:50
  • 39: RCE - Lab 2 - Remote Code Injection 04:00
  • 40: RCE - Lab 3 01:06
  • 41: RCE - Recap 00:31

• Testing File Uploaders 13:44

  • 42: File Uploads - Slides 05:14
  • 43: File Uploads - Lab 1 - XSS 01:29
  • 44: File Uploads - Lab 2 - RCE 05:41
  • 45: File Uploads - Recap 01:20

• Recon 21:03

  • 46: Recon - Slides 05:40
  • 47: Recon - Lab 1 - Google Dorking 02:59
  • 48: Recon - Lab 2 - Certificate Transparency 01:19
  • 49: Recon - Lab 3 - Censys 02:06
  • 50: Recon - Lab 4 - Shodan 04:06
  • 51: Recon - Lab 5 - Example Automation 03:42
  • 52: Recon - Recap 01:11

• How to Setup Your Lab (Installing and Demos) 30:35

  • 53: Getting Your VPS 05:37
  • 54: Go Language 01:22
  • 55: Burp Suite 00:50
  • 56: FFUF 04:53
  • 57: nmap 00:33
  • 58: nmap demo 04:53
  • 59: Sublister & Pip 03:09
  • 60: AMASS 02:12
  • 61: Aquatone 02:46
  • 62: Aquatone Demo 03:34
  • 63: HTTP Probe 00:46

• Hands on Hacking 45:35

  • 64: Hands on Hacking Labs Intro + Recon Asset Discovery 04:56
  • 65: Hands on Hacking - Lab LFD 04:35
  • 66: Hands on Hacking - Lab XSS 1 03:37
  • 67: Hands on Hacking - Lab XSS 2 02:44
  • 68: Hands on Hacking - Lab XSS 3 05:49
  • 69: IDOR Exploitation Thought Process 06:54
  • 70: Hands on Recon - Content Discovery 06:56
  • 71: Hands on Recon - Aquatone Demo 03:34
  • 72: Dnsgen 00:59
  • 73: Hands on Recon - Dnsgen Demo 02:43
  • 74: API Brute Forcing 02:48

• Next Steps & Outro 37:40

  • 75: How to Write a Good Report 08:08
  • 76: Example Report & CVSS: IDOR 07:34
  • 77: Picking Your First Target 04:43
  • 78: HackerOne Hacktivity Intro 02:20
  • 79: HackerOne Invites 01:18
  • 80: Receiving Your First HackerOne Private Program Invitation 01:26
  • 81: HackerOne Directory & Dashboard 04:05
  • 82: How to Read Policies 08:06

• Resources 07:05

  • 83: Additional Resources 07:05

This course will feature:

• An overview of 10+ vulnerability types and how to find them.

• Hands-on labs for each vulnerability type where Ben will walk you through how each bug works and how they can be further exploited.

• A practical lab where students will be attacking a fake organisation to test out their newly acquired skills.

• An introduction to recon including asset discovery and content discovery.

• You will learn the tools of the trade and how to set up your hacking lab

• Introduction to bug bounty programs, how to read the scope, how to write a report, a good report, and how to get your first invitation to a private bug bounty program!

• This course will be updated based on changing bug types, recon tactics, and your feedback! Purchase of the course gets you lifetime access to all information and updates.

Notes & Disclaimer

This course will be updated regularly as new information becomes available. Ben is committed to providing as much assistance as possible and will be answering relevant questions within 48 hours. Please don't be discouraged if you don't immediately find a bug, this field is for resilient people committed to learning and figuring things out without much direction. Google will be your friend, and we encourage you to try things before immediately asking for a solution.

This course is meant for educational purposes only. This information is not to be used for black hat exploitation and should only be used on targets you have permission to attack

• Beginners in cybersecurity
• People interested in bug bounty hunting
• Anyone interested in ethical hacking
• Developers looking to expand on their knowledge of vulnerabilities that may impact them
• Anyone interested in application security
• Anyone interested in Red teaming
• Anyone interested in offensive security
• Bug Bounty Hunters
• Hack Websites for Ethical Hacking

• Basic understanding of web technology

• Linux basics

• Reliable internet connection.

Reed courses certificate of completion

Digital certificate - Included