3-day hands-on technical Workshop in HITB⁺in{:cyber} Abu Dhabi 2024

Offensive Bug Bounty (HKT)

Attend In-person: $3,299.00

This course teaches you the complete offensive approach to hunt bugs, and covers most of the critical vulnerabilities in web & mobile applications. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug creds, this is the course for you.

Duration

3-day

Delivery Method

In-Person

Level

Beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Phuket

DATE: 21-23 August 2023

TIME: 09:00 to 17:00 ICT/GMT+7

Date     Day         Time                     Duration
21 Aug   Monday      09:00-17:00 ICT/GMT+7    8 Hours
22 Aug   Tuesday     09:00-17:00 ICT/GMT+7    8 Hours
23 Aug   Wednesday   09:00-17:00 ICT/GMT+7    8 Hours

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company’s security team in an ethical way.

Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, then they are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.

 

Agenda

Day 1

  1. Introduction
  2. Information Gathering & Basic Terminologies
  3. Recon For Bug Bounty Hunting
  4. Introduction to Burp Suite
  5. Host Header Injection
  6. URL Redirection
  7. Parameter Tampering
  8. HTML Injection
  9. File Inclusion
  10. Missing/Insufficient SPF Record
  11. Insecure CORS Configuration
  12. Server Side Request Forgery
  13. Critical File Found
  14. Source Code Disclosure
  15. Cross Site Request Forgery
  16. No Rate Limiting
  17. Long Password DoS Attack
  18. HSTS
  19. Insecure Direct Object Reference

Day 2


  1. Comprehensive XSS
  2. Hostile Subdomain Takeover
  3. SQL Injection
  4. Command Injection
  5. File Uploading
  6. XML External Entity Injection
  7. Account Lockout
  8. Advanced SQL Injection

Day 3


  1. Android App Dynamic Vulnerability Hunting
  2. iOS App Dynamic Vulnerability Hunting
  3. Hostile Subdomain Takeover
  4. Buffer Overflow
  5. WordPress
  6. Joomla
  7. Drupal
  8. CMS Vulnerability Hunting
  9. Session Fixation
  10. Conclusion

Why You Should Take This Course

This course teaches you the complete offensive approach to hunt bugs, and covers most of the critical vulnerabilities in web & mobile applications. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug creds, this is the course for you.

Who Should Attend

  • Students
  • Cyber Security Aspirants
  • Security Engineers
  • VAPT Employees

Prerequisite Knowledge

  • Basics of the OWASP Top 10

Hardware / Software Requirements

  • Burp Suite
  • Firefox