Live Web Application Bug Bounty Online Training by Essential Infosec is designed to introduce candidates to the concept of vulnerability discovery through vulnerability behaviour analysis, triaging security vulnerabilities, fuzzing, and determining the exploitability of crash conditions and positions.
Finding vulnerabilities in modern web applications demands hands-on familiarity with multiple modern frameworks and an in-depth understanding of thousands of lines of code.
We will also cover CVE, CWE, CAPEC and the SANS Top 25 Software Errors, together with a bug hunting methodology and live demonstrations.
We at Essential Infosec believe that bug bounty is the act of finding vulnerabilities in websites, and that it can only be mastered by giving students practical training. We set up this course together with organizations that encourage students to report potential issues identified on their sites. Most of the bugs will be demonstrated to you practically on live modern web applications, not on dummy applications. The Essential Infosec "Bug Bounty Training" is completed in 4 modules, covering practical training as well. You will gain extensive practical knowledge and proficiency so that you can ensure there are no security flaws. A degree in Bug Bounty will give you a professional edge over your counterparts.
Module-
Web Application Testing Methodologies covered in this module include:
• Bugcrowd’s Vulnerability Rating Taxonomy
• Common Weakness Enumeration (CWE) Vulnerabilities
• SANS TOP 25 Most Dangerous Application Vulnerabilities
• Common Attack Pattern Enumeration and Classification (CAPEC)
Practical Recon Techniques for Bug Hunters
• Manual Subdomain Analysis and Discovery
• Automated Subdomain Analysis and Discovery
• Assets Identification Techniques
• Recon Automation using Bash Shell Scripting
• Finding live Targets from collected Subdomains
• Identifying Web Application Technologies & Frameworks
Content Discovery on Collected Subdomains
• Common Crawling & Sensitive Directory Enumeration
• Identifying Exposed Internal Admin Portal
• Identifying Exposed Internal IP Address
• Techniques for Identifying Sensitive Endpoints
• Techniques for Identifying Business API endpoints
• Testing for Default Configurations
• Analysis of robots.txt Disallowed Entries
Testing the Security of Amazon Cloud Services
• Techniques for Identifying Disclosed S3 Buckets
• Testing for Amazon AWS S3 bucket Read Permissions
• Testing for Amazon AWS S3 bucket Write Permissions
• Sensitive Data Disclosure via Misconfigured S3 Buckets
• Testing for AWS S3 Bucket Metadata Leakage
Security Issues in GitHub Repositories
• Sensitive Data Disclosure on Public Git Repository
• Techniques for Identifying Disclosed .git folder
• Subdomain Pointing to GitHub Pages - Subdomain Takeover
Burp Suite Training for Bug Hunters
• Introduction to Burp: GUI, tools, audit workflow, inline help
• Automated Spidering and Scanning Web Application
• Target Module: Sitemap | Advanced Scope | Filter
• Proxy Module: Live modifications, interception and manual analysis
• Intruder Module: Covering every attack type and most payload types
• Repeater Module: live modifications and manual analysis
• Decoder Module: Decode -> Encode -> Decode Encryption
• Comparer Module: Manual analysis & Compare Request | Response
• Burp Suite Collaborator Client | External Service Interaction
Broken Authentication & Session Management Issues
• Session Expiration Issues
• Weak Login Function Issues
• Bypass Single factor Authentication
• Bypass Two factor (2FA) Authentication
• 2FA Missing Failsafe Issues (Account Takeover)
• Execution with Unnecessary Privileges
• OAuth redirect_uri Issues (Token Hijacking)
• OAuth Permission Models Issues (Account Takeover)
• Exposure of Private Information ('Privacy Violation')
• Incorrect Permission Assignment for Critical Function
Exploiting Password Recovery Functionalities
• Password Reset Token is Not Invalidated After Use
• Password Reset Token Leakage via Referer
• Password Reset Token Sent Over HTTP
• Static Password Reset Tokens
Access Control Vulnerabilities and Privilege Escalation
• Missing Authorization Issues
• Improper Authorization Issues
• Insecure Direct Object References (IDOR)
• Unauthorized Access Via User Impersonation
• Authorization Bypass Through User-Controlled Key
• Account Takeover related Logical Issues
• User Enumeration (Sensitive Data Leaks)
Injection Vulnerabilities in Modern WebApps
• Introduction to Injection Vulnerabilities
• Finding All Possible Insertion Points
• Injection Vulnerability: Text Injection
• Injection Vulnerability: HTML Injection
• Injection Vulnerability: Cross Site Scripting
• Injection Vulnerability: Cookie Injections
• Injection Vulnerability: Host Header Injections
• Injection Vulnerability: Null Byte Injection
• Injection Vulnerability: CSV Injection
• Injection Vulnerability: SQL Injection
• Injection Vulnerability: LDAP Query Injections
• Injection Vulnerability: XPath Injection & Data Query Logic
• Injection Vulnerability: XML external entity (XXE) injection
Arbitrary Code Injection Vulnerabilities
• Apache Struts Vulnerability
• Remote Code Execution (RCE)
• Argument Injection or Parameter Tampering
• Server Side Template Injections (SSTI)
Vulnerabilities of Modern WebApps - Part One
• Directory Traversal Attacks
• Local File Inclusion Vulnerability
• Remote File Inclusion Vulnerability
• Unrestricted File Upload with Dangerous Type
• Parameter Pollution in Social Sharing Buttons
• URL Redirection to Untrusted Site (Open Redirect)
Vulnerabilities of Modern WebApps - Part Two
• Cross-Origin Resource Sharing (CORS) Attacks
• Cross-Site Request Forgery (CSRF) - Action Specific
• Cross-Site Request Forgery (CSRF) - Account Takeover
• Server-Side Request Forgery (SSRF) - Sensitive Action
• Server-Side Request Forgery (SSRF) - Remote Service Scan
Testing for DoS / Buffer Overflow Issues
• XML-RPC Pingback DoS Attack
• Incorrect Calculation of Buffer Size
• XML External Entity (DTD) DoS attacks
• Buffer Copy without Checking Size of Input
Rate Limiting Missing on Applications Functions
• No Rate Limiting on API Endpoints
• No Rate Limiting on Login Form
• No Rate Limiting on Registration
• No Rate Limiting on Password Reset Functions
• No Rate Limiting on SMS related endpoints | SMS-Triggering
• No Rate Limiting on Email related endpoints | Email-Triggering
Other Security Misconfigurations in Modern WebApps
• No Password Policy
• Mail Server Misconfiguration
• Access Using Default Credentials
• Missing Encryption of Sensitive Data
• Use of Broken or Risky Cryptographic Algorithm
• EXIF Geolocation Data Not Stripped From Uploaded Images
Application API Endpoint Analysis Tools
• Introduction to APIs
• Data Formats used with different APIs
• API Pentesting Tool: Telerik Fiddler
• Intercepting API Endpoints with Fiddler
• Identifying data leaking APIs