The Ultimate Web Application Bug Bounty Hunting Course | Courses | Crax


The Ultimate Web Application Bug Bounty Hunting Course


bermuda06

Bug Bounty Hunting from Zero to Hero. Become a successful Web Application Bug Bounty Hunter

What you'll learn
web application vulnerabilities
web application penetration testing
Become a web app bug bounty hunter
100+ ethical hacking & security videos
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Open Redirect
Bypassing Access Control
Server-side request forgery (SSRF)
SQL injection
OS command injection
Insecure Direct Object References (IDOR)
XML external entity (XXE) injection
API Testing
File upload vulnerabilities
Java Script analysis
Cross-origin resource sharing (CORS)
Business logic vulnerabilities
Registration flaws
Login flaws
Password reset flaws
Updating account flaws
Developer tools flaws
Analysis of core application
Payment feature flaws
Premium feature flaws
Directory Traversal
Bug Hunting Methodology

Requirements
Basic IT Skills
Basic understanding of web technology
No Linux, programming or hacking knowledge required
Computer with a minimum of 4GB ram/memory
Operating System: Windows / Apple Mac OS / Linux
Reliable internet connection
Burp Suite Community (Pro optional)
Firefox Web Browser

Description
Welcome to the ultimate Web Application Bug Bounty Hunting course.

Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certifications incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.

In this course Martin walks students through a step-by-step methodology on how to uncover web vulnerabilities. The theoretical lecture is complemented with the relevant free practical Burp labs to reinforce the knowledge. Martin is not just inserting the payload but explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to become a professional Web Application Bug Bounty Hunter.

Course outline:
1. Cross-site scripting (XSS) – Theory and Labs
2. Cross-site request forgery (CSRF) – Theory and Labs
3. Open Redirect – Theory and Labs
4. Bypassing Access Control – Theory and Labs
5. Server-side request forgery (SSRF) – Theory and Labs
6. SQL injection – Theory and Labs
7. OS command injection – Theory and Labs
8. Insecure Direct Object References (IDOR) – Theory and Labs
9. XML external entity (XXE) injection – Theory and Labs
10. API Testing – Theory and Labs
11. File upload vulnerabilities – Theory and Labs
12. Java Script analysis – Theory and Labs
13. Cross-origin resource sharing (CORS) – Theory and Labs
14. Business logic vulnerabilities – Theory and Labs
15. Registration flaws
16. Login flaws
17. Password reset flaws
18. Updating account flaws
19. Developer tool flaws
20. Analysis of core application
21. Payment feature flaws
22. Premium feature flaws
23. Directory Traversal – Theory and Labs
24. Methodology to find most bugs

Notes & Disclaimer
Portswigger labs are a public and free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don’t feel frustrated if you don’t find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.

Overview
Section 1: Introduction

Lecture 1 Introduction

Lecture 2 What you will learn

Lecture 3 How I set up Burp

Section 2: Cross-site scripting (XSS)

Lecture 4 XSS Methodology

Lecture 5 XSS Links and Slides

Lecture 6 Reflected XSS into HTML context with nothing encoded

Lecture 7 Stored XSS into HTML context with nothing encoded

Lecture 8 DOM XSS in document.write sink using source location.search

Lecture 9 DOM XSS in innerHTML sink using source location.search

Lecture 10 DOM XSS in jQuery anchor href attribute sink using location.search source

Lecture 11 DOM XSS in jQuery selector sink using a hashchange event

Lecture 12 Reflected XSS into attribute with angle brackets HTML-encoded

Lecture 13 Stored XSS into anchor href attribute with double quotes HTML-encoded

Lecture 14 Reflected XSS into a JavaScript string with angle brackets HTML encoded

Lecture 15 DOM XSS in document.write sink using source location.search inside a select elem

Lecture 16 DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encod

Lecture 17 Reflected DOM XSS

Lecture 18 Stored DOM XSS

Lecture 19 Exploiting cross-site scripting to steal cookies

Lecture 20 Exploiting cross-site scripting to capture passwords

Lecture 21 Exploiting XSS to perform CSRF

Lecture 22 Reflected XSS into HTML context with most tags and attributes blocked

Lecture 23 Reflected XSS into HTML context with all tags blocked except custom ones

Lecture 24 Reflected XSS with some SVG markup allowed

Lecture 25 Reflected XSS in canonical link tag

Lecture 26 Reflected XSS into a JavaScript string with single quote and backslash escaped

Lecture 27 Reflected XSS into a JavaScript string with angle brackets and double quotes HTM

Lecture 28 Stored XSS into onclick event with angle brackets and double quotes HTML-encoded

Lecture 29 Reflected XSS into a template literal with angle brackets, single, double quotes

Section 3: Cross-site request forgery (CSRF)

Lecture 30 CSRF Methodology

Lecture 31 CSRF Links and Slides

Lecture 32 CSRF vulnerability with no defenses

Lecture 33 CSRF where token validation depends on request method

Lecture 34 CSRF where token validation depends on token being present

Lecture 35 CSRF where token is not tied to user session

Lecture 36 CSRF where token is tied to non-session cookie

Lecture 37 CSRF where token is duplicated in cookie

Lecture 38 SameSite Lax bypass via method override

Lecture 39 SameSite Strict bypass via client-side redirect

Lecture 40 SameSite Strict bypass via sibling domain

Lecture 41 SameSite Lax bypass via cookie refresh

Lecture 42 CSRF where Referer validation depends on header being present

Lecture 43 CSRF with broken Referer validation

Section 4: Open Redirect

Lecture 44 Open Redirect Methodology

Lecture 45 Open Redirect Links and Slides

Lecture 46 Open Redirect Lab 1

Lecture 47 Open Redirect Lab 2

Lecture 48 Open Redirect Lab 3

Lecture 49 Open Redirect Lab 4

Section 5: Bypassing Access Control

Lecture 50 Bypassing Access Control Methodology

Lecture 51 Bypassing Access Control Links and Slides

Lecture 52 Unprotected admin functionality

Lecture 53 Unprotected admin functionality with unpredictable URL

Lecture 54 User role controlled by request parameter

Lecture 55 User role can be modified in user profile

Lecture 56 User ID controlled by request parameter

Lecture 57 User ID controlled by request parameter, with unpredictable user IDs

Lecture 58 User ID controlled by request parameter with data leakage in redirect

Lecture 59 User ID controlled by request parameter with password disclosure

Lecture 60 URL-based access control can be circumvented

Lecture 61 Method-based access control can be circumvented

Lecture 62 Multi-step process with no access control on one step

Lecture 63 Referer-based access control

Section 6: Server-side request forgery (SSRF)

Lecture 64 Server-side request forgery (SSRF) Methodology

Lecture 65 Server-side request forgery (SSRF) Links and Slides

Lecture 66 Basic SSRF against the local server

Lecture 67 Basic SSRF against another back-end system

Lecture 68 SSRF with blacklist-based input filter

Lecture 69 SSRF with filter bypass via open redirection vulnerability

Lecture 70 Blind SSRF with out-of-band detection

Section 7: SQL injection

Lecture 71 SQL injection Methodology

Lecture 72 SQL injection Links and Slides

Lecture 73 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lecture 74 SQL injection vulnerability allowing login bypass

Lecture 75 SQL injection UNION attack, determining the number of columns returned

Lecture 76 SQL injection UNION attack, finding a column containing text

Lecture 77 SQL injection UNION attack, retrieving data from other tables

Lecture 78 SQL injection UNION attack, retrieving multiple values in a single column

Lecture 79 SQL injection attack, querying the database type and version on Oracle

Lecture 80 SQL injection attack, querying the database type and version on MySQL and MS

Lecture 81 SQL injection attack, listing the database contents on non-Oracle databases

Lecture 82 SQL injection attack, listing the database contents on Oracle

Lecture 83 Blind SQL injection with conditional responses

Lecture 84 Blind SQL injection with conditional errors

Lecture 85 Blind SQL injection with time delays

Lecture 86 Blind SQL injection with time delays and information retrieval

Lecture 87 Blind SQL injection with out-of-band interaction

Lecture 88 Blind SQL injection with out-of-band data exfiltration

Lecture 89 SQL injection with filter bypass via XML encoding

Lecture 90 Visible error-based SQL injection

Section 8: OS command injection

Lecture 91 OS command injection Methodology

Lecture 92 OS command injection Links and Slides

Lecture 93 OS command injection, simple case

Lecture 94 Blind OS command injection with time delays

Lecture 95 Blind OS command injection with output redirection

Lecture 96 Blind OS command injection with out-of-band interaction

Lecture 97 Blind OS command injection with out-of-band data exfiltration

Section 9: Insecure Direct Object References (IDOR)

Lecture 98 Insecure Direct Object References (IDOR) Methodology

Lecture 99 Insecure Direct Object References (IDOR) Links and Slides

Lecture 100 IDOR Lab 1

Lecture 101 IDOR Lab 2

Lecture 102 IDOR Lab 3

Lecture 103 IDOR Lab 4

Section 10: XML external entity (XXE) injection

Lecture 104 XML external entity (XXE) injection Methodology

Lecture 105 XML external entity (XXE) injection Links and Slides

Lecture 106 Exploiting XXE using external entities to retrieve files

Lecture 107 Exploiting XXE to perform SSRF attacks

Lecture 108 Blind XXE with out-of-band interaction

Lecture 109 Blind XXE with out-of-band interaction via XML parameter entities

Lecture 110 Exploiting blind XXE to exfiltrate data using a malicious external DTD

Lecture 111 Exploiting blind XXE to retrieve data via error messages

Lecture 112 Exploiting XInclude to retrieve files

Lecture 113 Exploiting XXE via image file upload

Section 11: API Testing

Lecture 114 API Methodology

Lecture 115 API Links and Slides

Section 12: File upload vulnerabilities

Lecture 116 File upload vulnerabilities Methodology

Lecture 117 File upload vulnerabilities Links and Slides

Lecture 118 Remote code execution via web shell upload

Lecture 119 Web shell upload via Content-Type restriction bypass

Lecture 120 Web shell upload via path traversal

Lecture 121 Web shell upload via extension blacklist bypass

Lecture 122 Web shell upload via obfuscated file extension

Lecture 123 Remote code execution via polyglot web shell upload

Section 13: Java Script analysis

Lecture 124 Java Script analysis Methodology

Lecture 125 Java Script analysis Links and Slides

Lecture 126 Java Script Lab 1

Lecture 127 Java Script Lab 2

Lecture 128 Java Script Lab 3

Lecture 129 Java Script Lab 4

Section 14: Cross-origin resource sharing (CORS)

Lecture 130 Cross-origin resource sharing (CORS) Methodology

Lecture 131 Cross-origin resource sharing (CORS) Links and Slides

Lecture 132 CORS vulnerability with basic origin reflection

Lecture 133 CORS vulnerability with trusted null origin

Lecture 134 CORS vulnerability with trusted insecure protocols

Section 15: Business logic vulnerabilities

Lecture 135 Business logic vulnerabilities Methodology

Lecture 136 Business logic vulnerabilities Links and Slides

Lecture 137 Excessive trust in client-side controls

Lecture 138 High-level logic vulnerability

Lecture 139 Inconsistent security controls

Lecture 140 Flawed enforcement of business rules

Lecture 141 Low-level logic flaw

Lecture 142 Inconsistent handling of exceptional input

Lecture 143 Weak isolation on dual-use endpoint

Lecture 144 Insufficient workflow validation

Lecture 145 Authentication bypass via flawed state machine

Lecture 146 Infinite money logic flaw

Lecture 147 Authentication bypass via encryption oracle

Section 16: Registration flaws

Lecture 148 Registration flaws Methodology

Lecture 149 Registration flaws Slides

Section 17: Login flaws

Lecture 150 Login flaws Methodology

Lecture 151 Login flaws Slides

Section 18: Password reset flaws

Lecture 152 Password reset flaws Methodology

Lecture 153 Password reset flaws Slides

Lecture 154 Password reset broken logic

Lecture 155 Password reset poisoning via middleware

Lecture 156 Basic password reset poisoning

Section 19: Updating account flaws

Lecture 157 Updating account Methodology

Lecture 158 Updating account flaws Slides

Section 20: Developer tools flaws

Lecture 159 Developer tools Methodology

Lecture 160 Developer tools flaws Slides

Section 21: Analysis of the core application

Lecture 161 Analysis of the core application Methodology

Lecture 162 Analysis of the core application Slides

Section 22: Payment feature flaws

Lecture 163 Payment feature Methodology

Lecture 164 Payment feature flaws Slides

Section 23: Premium feature flaws

Lecture 165 Premium feature Methodology

Lecture 166 Premium feature flaws Slides

Section 24: Directory Traversal

Lecture 167 Directory Traversal Methodology

Lecture 168 Directory Traversal flaws Links and Slides

Lecture 169 File path traversal, simple case

Lecture 170 File path traversal, traversal sequences blocked with absolute path bypass

Lecture 171 File path traversal, traversal sequences stripped non-recursively

Lecture 172 File path traversal, traversal sequences stripped with superfluous URL-decode

Lecture 173 File path traversal, validation of start of path

Lecture 174 File path traversal, validation of file extension with null byte bypass

Section 25: Methodology to find most bugs

Lecture 175 Bug Finding Methodology

Lecture 176 Bug Finding Slides

Anybody interested in ethical web application hacking / web application penetration testing
Anybody interested in becoming a web application bug bounty hunter
Anybody interested in learning how hackers hack web applications
Developers looking to expand on their knowledge of vulnerabilities that may impact them
Anyone interested in application security
Anyone interested in Red teaming
Anyone interested in offensive security
