Description
This course will cover the majority of the OWASP TOP 10 vulnerabilities as well as Web Application Penetration Testing. You will begin as a newbie with no previous experience in bug bounty hunting or penetration testing.
After completing this training, you will be a smart Bug Bounty Hunter. Bug bounty hunting is the act of discovering security vulnerabilities or bugs in a website and responsibly disclosing them to that company's security team in an ethical manner. Companies set up bug bounties, also known as responsible disclosure programs, to encourage individuals to report possible bugs found on their websites. Some firms will reward a researcher with a bounty, swag, or inclusion in their hall of fame. If you are interested in online application security, they provide an excellent area for you to hone your talents while possibly earning some rewards and enhancing your reputation.
Who is this course for?
- Bug bounty hunters
- Ethical hackers
- Penetration testers
- Security analysts
- Developers
- CISO - Chief information security officer
- Security administrators
- SOC Analysts - Security operations center
- Ethical hacking enthusiast
Why take it NOW?
Offensive security skills are in high demand in the job market, making it a valuable area of expertise for those interested in a career in information security.
Why this course?
There are several reasons why studying offensive security is important. First, understanding how attackers think and operate can help organizations better protect their systems and data. By learning about common attack methods and vulnerabilities, organizations can identify and remediate potential weaknesses before they are exploited. Additionally, with the increasing reliance on technology in all aspects of life, the number and sophistication of cyberattacks are on the rise, making it even more critical for individuals and organizations to understand and defend against them.
Course benefits:
What skills will you gain?
- Web security testing
- Automated security testing
- Manual security testing
- Bug hunting skills
- Think outside of the box
- Vulnerability assessment
- Hacker mindset
What tools will you use?
- Kali Linux
- Burp Suite community edition
Course general information:
DURATION: 3 hours
CPE POINTS: On completion you get a certificate granting you 3 CPE points.
Course launch date: March 6th, 2023
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- A computer system with 40GB of storage and min 8GB of RAM
- Internet connectivity
- Kali Linux
- Burp Suite community edition
- VirtualBox or VMware Workstation
What should you know before you join?
- A computer system with 40GB of storage and min 8GB of RAM
- VirtualBox or VMware skills
- Linux
- Familiar with web languages
YOUR INSTRUCTOR - Youssef Khaoulaj
Youssef is a security researcher specialized in finding web application, cloud, blockchain and smart contract vulnerabilities. He has more than 8 years of experience in the field of information security, ranging across Web Application Security, Incident Handling, Cloud Security, Network Security, Blockchain and Smart Contract Security. Youssef has more than 3 years of experience in the field of Blockchain and Smart Contract with a good knowledge of Decentralized Applications Development. He has spoken at numerous conferences and published many papers and reports in the area of hacking and smart contract auditing.
He has received many recommendations from EX-Pentagon cybersecurity engineers, IT security trainers in Australia and his supervisor System administrator USA.
COURSE SYLLABUS
Module 0
Before the course
An overview of OWASP Top 10 and introduction to Bug Bounty Hunting.
Module 1
Information Gathering
The initial phase of a penetration test is reconnaissance, or information gathering. A pentester can find possible security flaws that an attacker could exploit by performing recon in a methodical manner. In pentesting, the tester plays the role of a malicious outsider and simulates an attack to detect security flaws.
Module 1 covered topics:
- Nmap
- Burp Suite
- Directory listing
- Fingerprinting
- Metasploit
- Brute force
Module 1 exercises:
- Hands-on exercises testing your understanding of the module.
Module 2
SQL Injection
SQL injection is a type of cyber-attack in which an attacker inserts malicious SQL code into a web form input field to gain unauthorized access to a database. This can allow the attacker to view, modify, or delete sensitive data in the database.
Module 2 covered topics:
- Burp Suite
- Fingerprinting
- Brute force
- SQL injection
Module 2 exercises:
- Hands-on exercises testing your understanding of the module.
Module 3
Unauthenticated Remote Code Execution
Unauthenticated Remote Code Execution (RCE) is a type of vulnerability that allows an attacker to execute arbitrary code on a remote system without any authentication. This can be achieved by exploiting a flaw in the software that is running on the system. Unauthenticated RCE can be particularly dangerous because it does not require the attacker to have any valid credentials, and it can allow them to gain full control over the affected system.
Module 3 covered topics:
- Burp Suite
- Fingerprinting
- Unauthenticated RCE
- SSH
Module 3 exercises:
- Hands-on exercises testing your understanding of the module.
Module 4
Code review
Code review is a process in which one or more pen testers examine source code to check for errors, bugs, and best practices. This can be done manually or with the help of automated tools. The goal of code review is to identify and fix problems before the code is deployed, and to improve the overall quality, security and maintainability of the codebase.
Module 4 covered topics:
- Burp Suite
- Code review
- SSH
- Directory listing
Module 4 exercises:
- Hands-on exercises testing your understanding of the module.