If you ever dreamed of becoming a bounty hunter, your dreams can come true — without changing your name to “Dog” or facing Han Solo in a Mos Eisley cantina. Become a bug bounty hunter: A hacker who is paid to find vulnerabilities in software and websites.
Anyone with computer skills and a high degree of curiosity can become a successful finder of vulnerabilities. You can be young or old when you start. The main requirement is that you need to keep learning continuously. Also, it’s more fun to learn if you have a buddy to share ideas with. Here is how I became a security hacker.
More people have access to the internet than ever before. This has prompted many organizations to develop web-based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers.
In this COURSE, we will introduce you to web applications hacking techniques and the counter measures you can put in place to protect against such attacks.
- Basics and Terminologies
- Types of Vulnerabilities
- Vulnerability Scanners
- Unvalidated Redirects and Forwards
- Advance Recon
- Google Hacking Database
- Burp Suite Mastering
- XSSing Client-Side Dynamic HTML.
- HTML Injection
- Cookie Poisioning
- Broken Authentication
- Denial oF Service Attack
- Cross-Site Request Forgery (CSRF)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Bypassing CSRF protections with ClickJacking
- Shell Uploading
- Sql Injection Attack
- Hibernate Query Language Injection
- Command Injection
- SSRF to RCE
- Local file inclusion
- Remote File inclusion
- Remote Code Execution Attacks
- XML Entity Injection
- Symlinking – An Insider Attack
- CAPTCHA Re-Riding Attack
- SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data, etc.
- Denial of Service Attacks– the goal of this threat could be to deny legitimate users access to the resource
- Cross Site Scripting XSS– the goal of this threat could be to inject code that can be executed on the client side browser.
- Cookie/Session Poisoning– the goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access.
- Form Tampering – the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
- Code Injection – the goal of this threat is to inject code such as PHP, Python, etc. that can be executed on the server. The code can install backdoors, reveal sensitive information, etc.
- Defacement– the goal of this threat is to modify the page been displayed on a website and redirecting all page requests to a single page that contains the attacker’s message.
Live Online VILT (Virtual Instructor Led Training) is a live, interactive virtual classroom solution delivered right to your computer via the Internet. Live OnlineVILT classes are led by expert certified, experienced instructors who deliver compelling learning during conveniently scheduled class times.