Course Overview
Welcome to the Practical Bug Bounty course crafted by TCM Security and Intigriti. This comprehensive course dives into identifying and responsibly exploiting application vulnerabilities, laying a solid foundation in Web Application Architecture and delving into the crucial OWASP Top 10. Participants will distinguish Bug Bounty Hunting from Penetration Testing, engage in hands-on simulations, and master key tools like Burp Suite.
The curriculum covers advanced evasion techniques and bypassing Web Application Firewalls (WAF), emphasizing ethical reporting and responsible disclosure.
The course concludes by guiding learners on strategically selecting Bug Bounty Programs and securing exclusive invites, paving the way for a rewarding career in Bug Bounty Hunting
Learning Objectives:
- Foundational Knowledge:
- Acquire an understanding of Web Application Architecture, essential web technologies, and the core principles of Web Application Security, including the OWASP Top 10.
- Strategies and Tools Mastery:
- Differentiate between Bug Bounty Hunting and Penetration Testing, master the use of essential tools like Burp Suite, and apply learned strategies and tools in real-world attack simulations.
- Advanced Techniques and Reporting:
- Develop skills in advanced evasion techniques, WAF bypassing, and craft comprehensive reports while applying principles of responsible disclosure and effective communication.
- Ethical Conduct and Career Development:
- Cultivate an ethical mindset, adhere to industry standards and legal frameworks, and gain insights into building a successful career in Bug Bounty Hunting.
Upon completion, participants will be invited to apply to Intigriti's Bug Bounty Platform to begin their journey in the bug bounty world. Students completing this course will be well-equipped to identify, exploit, and responsibly report vulnerabilities, laying a foundation for success in Bug Bounty Hunting.
System Requirements
8GB RAM & 256GB HDD
Up-to-Date OS & Internet Browser
Stable internet connection
Course Curriculum - 9.5 Hours
- Introduction to Local and Remote File Inclusion (LFI/RFI) (1:37)
- Local File Inclusion Attacks (4:20)
- Remote File Inclusion Attacks (7:38)
- File Inclusion Challenge Walkthrough (4:28)
- Introduction to SQL Injection (4:03)
- Basic SQL Injection Attacks (9:38)
- Blind SQL Injection Attacks - Part 1 (9:52)
- Blind SQL Injection Attacks - Part 2 (12:53)
- SQL Injection Challenge Walkthrough (5:36)
- Second Order SQL Injection (2:59)
- Introduction to Cross-Site Scripting (XSS) (4:50)
- Basic Cross-Site Scripting (XSS) Attacks (3:15)
- Stored Cross-Site Scripting (XSS) Attacks (7:38)
- Cross-Site Scripting (XSS) Challenge Walkthrough (3:24)
- Introduction to Command Injection (2:24)
- Command Injection Attacks (4:57)
- Blind Command Injection (3:57)
- Command Injection Challenge Walkthrough (4:04)
- Introduction to Server-Side Template Injection (SSTI) (1:08)
- Exploiting Server-Side Template Injection (SSTI) (5:14)
- Server-Side Template Injection (SSTI) Challenge Walkthrough (3:31)
- XML External Entity (XXE) Injection (5:55)
- Introduction to Insecure File Uploads (0:31)
- Insecure File Upload Client-Side Controls Bypass (8:48)
- Insecure File Upload Bypasses (9:13)
- Insecure File Uploads Challenge Walkthrough (3:29)
- Introduction to Cross-Site Request Forgery (CSRF) (1:53)
- Cross-Site Request Forgery (CSRF) Attacks (5:50)
- Cross-Site Request Forgery (CSRF) Token Bypass (5:40)
- Introduction to Server-Side Request Forgery (SSRF) (1:24)
- Exploiting Server-Side Request Forgery (SSRF) (4:06)
- Blind Server-Side Request Forgery (SSRF) (2:54)
- Introduction to Subdomain Takeovers (1:43)
- Open Redirects (2:19)
- Introduction to Vulnerable Components (1:33)
- Understanding CVSS: Part 1 (14:36)
- Understanding CVSS: Part 2 (14:44)
- Writing Effective Penetration Testing Reports (22:49)
- Vulnerability Reporting and Disclosure (VDP) (6:30)
- How to Write a Bug Bounty Report (6:42)
- Communicating with Clients and Triagers (10:37)
- Mistakes from Triager's Perspective (13:36)
- Section Quiz
Who is Intigriti?
Intigriti operates as a global crowdsourced security platform, connecting organizations with skilled cybersecurity professionals to identify and address real-world vulnerabilities. Offering services like assisted coordinated vulnerability disclosure, bug bounty, and Penetration Testing as a Service (PTaaS), Intigriti ensures safe and dependable products to handle vulnerability reports from their proficient community of ethical hackers and penetration testers.
Supported by leading European investment firms, Intigriti emphasizes integrating vulnerability disclosure processes, prioritizing compliance with ISO27001, GDPR, and NIS2. Renowned clients of Intigriti include Intel, Yahoo, Visma, Ubisoft, Randstad, Red Bull, and The European Commission.
This course is included in our All-Access Membership starting at $29.99/month
Get full access to the Practical Bug Bounty course and our full course catalog when you enroll in our All-Access Pass Membership.
Heath Adams
Heath Adams, also known as "The Cyber Mentor" on social media, is the founder and CEO of TCM Security, a cybersecurity consulting firm. As an ethical hacker, Heath is passionate about teaching and has educated over 170,000 students across platforms like Udemy, YouTube, Twitch, and INE. He holds numerous certifications including OSCP, OSWP, eCPPTX, eWPT, and CEH among others. Outside of his professional life, he's a husband, animal parent, hobbyist, and a military veteran.
Alex Olsen
Alex is a Web Application Security expert who has worked on projects ranging from small apps to enterprise-level web applications with millions of users. He is passionate about both creating and securing applications and advocates for early integration of cybersecurity (the shift-left movement). He educates various professionals on this subject. Alex possesses a Master's Degree in Computing and holds both CEH and OSCP certifications.
Jonah Burgess
Jonah (aka CryptoCat) is a member of the community team at Intigriti where he makes educational content, runs a monthly CTF challenge and provides support for the bug bounty community. Before joining Intigriti, he obtained an MSc in Cyber-Security and PhD focused on web malware detection. During that time, he was heavily involved in the production and delivery of content for the MSc, primarily the pen-testing and malware modules. He also holds penetration testing certifications, including OSCP and CPTS.
Courses Included in the All-Access Membership
Frequently Asked Questions
Can I get a refund if I'm unhappy with my purchase?
Yes. All purchases come with a 3-day money-back guarantee.
Will I receive a certificate of completion when I finish a course?
Yes. All courses come with a certificate of completion.
Do the courses count as Continuing Education Units (CEUs)?
Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.
What is the All-Access Pass?
As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.
What if you already own courses on TCM Academy?
If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.