One-time payment for life and future updates

11 hours on-demand video

Access on mobile and TV

Certificate of completion

Bug Bounty Hunting

Course Introduction
3 Lessons
- 1_Course_Introduction
  Start
- 2_Disclaimer
  Start
- Rules for asking Questions
  Start
OWASP TOP 10
10 Lessons
- What is OWASP and INJECTION
  Start
- 4_What_is_Broken_Authentication
  Start
- 5_What_is_Senstive_Data_Exposure
  Start
- 6_What_is_XML_External_Entities
  Start
- 7_What_is_Broken_Access_Control
  Start
- 8_What_is_Security_Misconfiguration
  Start
- 9_What_is_Cross_Site_Scripting_(XSS)
  Start
- 10_What_is_Insecure_Deserialization
  Start
- 11_What_is_Using_Components_with_Known_Vulnerabilities
  Start
- 12_What_is_Insufficient_Logging_and_Monitoring
  Start
Burp Suite and Lab Setup
1 Lesson
- 13_Burp_Suite_Proxy_Lab_Setup
  Start
Authentication Bypass
14 Lessons
- Auth bypass
  Start
- 14_Authentication_Bypass_Exploitation_Live_-1
  Start
- 15_Authentication_Bypass_Exploitation_Live_-2
  Start
- 16_Authentication_Bypass_Exploitation_Live_-3
  Start
- 17_Authentication_Bypass_Exploitation_Live_-4
  Start
- 18_Authentication_Bypass_Exploitation_Live_-5
  Start
- 19_Authentication_Bypass_Exploitation_Captcha
  Start
- 20_Authentication_Bypass_to_Account_Takeover_Live_-1
  Start
- 21_Authentication_Bypass_to_Account_Takeover_Live_-2
  Start
- 22_Authentication_Bypass_due_to_OTP_Exposure_Live_-1
  Start
- 23_Authentication_Bypass_due_to_OTP_Exposure_Live_-2
  Start
- 24_Authentication_Bypass_2FA_Bypass_Live
  Start
- 25_Authentication_Bypass_-_Email_Takeover_Live
  Start
- 26_Authentication_Bypass_Mitigations
  Start
No Rate Limit Attacks
15 Lessons
- 28_No_Rate-Limit_leads_to_Account_Takeover_Live_Type-1
  Start
- 29_No_Rate-Limit_leads_to_Account_Takeover_Live_Type_-2
  Start
- 30_No_Rate-Limit_leads_to_Account_Takeover_Live_Type_-3
  Start
- 31_No_Rate-Limit_leads_to_Account_Takeover_Live_Type_-4
  Start
- 32_No_Rate-Limit_leads_to_Account_Takeover_Live_Type_-5
  Start
- 33_No_Rate-Limit_to_Account_Takeover_Live_-_Type_6
  Start
- 34_No_Rate-Limit_to_Account_Takeover_Live_-_Type_7
  Start
- 35_No_Rate-Limit_Instagram_Report_Breakdown
  Start
- 36_No_Rate-Limit_Instagram_Report_Breakdown_2
  Start
- 37_No_Rate_Limit_Bypass_Report_Breakdown
  Start
- 38_No_Rate_Limit_Bypass_Report_Breakdown_2
  Start
- 39_No_Rate-Limit_to_Tool_Fake_IP_Practical
  Start
- 40_No_Rate-Limit_test_on_CloudFare
  Start
- 41_No_Rate-Limit_Mitigations
  Start
- 42_No_Rate-Limit_All_Hackerone_Reports_Breakdown
  Start
Cross Site Scripting (XSS)
35 Lessons
- 43_How_XSS_Works
  Start
- 44_Reflected_XSS_on_Live_1
  Start
- 45_Reflected_XSS_on_Live_2
  Start
- 47_Reflected_XSS_on_Live_3_Balanced
  Start
- 48_XSS_on_Limited_Inputs_Live_1
  Start
- 49_XSS_on_Limited_Inputs_Live_2
  Start
- 50_XSS_in_Request_Headers_-_Live
  Start
- 51_Reflected_XSS_Useragent_and_Caching
  Start
- 52_Reflected_XSS_Email_Validator_Live
  Start
- 53_Reflected_XSS_Protection_Bypass_Live_1_-_Base64
  Start
- 54_Reflected_XSS_Protection_Bypass_Live_-2
  Start
- 55_XSS_using_Spider
  Start
- 56_XSS_Bypass_Right_Click_Disabled
  Start
- 57_Blind_XSS_Exploitation
  Start
- 58_Stored_XSS_Exploitation_Live
  Start
- 59_DOM_XSS_Name
  Start
- 60_DOM_XSS_Redirect
  Start
- 61_DOM_XSS_Index
  Start
- 62_XSS_on_Live_by_Adding_Parameters
  Start
- 63_XSS_Mouse_on_Lab
  Start
- 64_XSS_Mouse_Live
  Start
- 65_XSS_Mouse_Events_All_Types
  Start
- 66_XSS_Polyglots_Live
  Start
- 67_XSS_Polyglots_Breakdown
  Start
- 68_XSS_Exploitation_-_URL_Redirection
  Start
- 69_XSS_Exploitation_-_Phishing
  Start
- 70_XSS_Exploitation_Cookie_Stealer_Lab
  Start
- 71_XSS_Exploitation_Cookie_Stealer_Live
  Start
- 72_XSS_Exploitation_File_Upload_Type_-2
  Start
- 73_XSS_Exploitation_File_Upload_Type_-3
  Start
- 74_XSS_Exploitation_File_Upload_Type-_1
  Start
- 75_XSS_Mitigations
  Start
- 76_XSS_Bonus_TIPS_and_TRICKS
  Start
- 77_XSS_Hackerone_ALL_Reports_Breakdown
  Start
- 78_XSS_Interview_Questions_and_Answers
  Start
Cross Site Request Forgery (CSRF)
17 Lessons
- 79_How_CSRF_Works
  Start
- CSRF_Alternative_Tools_Introduction
  Start
- Alternative_to_Burp_Suite_for_CSRF
  Start
- 80_CSRF_on_LAB
  Start
- 81_CSRF_on_LAB_-_2
  Start
- 82_CSRF_on_Live_-1
  Start
- 83_CSRF_on_Live_-2
  Start
- 84_CSRF_Passoword_Change_Lab
  Start
- 85_CSRF_Funds_Transfer_Lab
  Start
- 86_CSRF_Request_Methods_Trick_-_Lab
  Start
- 87_CSRF_to_Account_Takeover_Live_-1
  Start
- 88_CSRF_to_Account_Takeover_Live_-2
  Start
- 89_Chaining_CSRF_with_XSS
  Start
- 90_CSRF_Mitigations
  Start
- 91_CSRF_BONUS_Tips_and_Tricks
  Start
- 92_CSRF_ALL_Hackerone_Reports_Breakdown
  Start
- 93_CSRF_Interview_Questions_and_Answers
  Start
Cross Origin Resource Sharing (CORS)
10 Lessons
- 94_How_CORS_Works
  Start
- 95_CORS_3_Test_Cases_Fundamentals
  Start
- 96_CORS_Exploitation_Live_-2_Exfiltration_of_Account_Details
  Start
- 97_CORS_Exploitation_Live_-3_Exfiltration_of_Account_Details
  Start
- 98_CORS_Live_Exploitation_-4
  Start
- 99_CORS_Exploitation_Facebook_Live
  Start
- 100_CORS_Live_Prefix_Match
  Start
- 101_CORS_Live_Suffix_Match
  Start
- 102_CORS_Mitigations
  Start
- 103_CORS_Breakdown_of_ALL_Hackerone_Reports
  Start
How to start with Bug Bounty Platforms and Reporting
5 Lessons
- 104_BugCrowd_ROADMAP
  Start
- 105_Hackerone_ROADMAP
  Start
- 106_Open_Bug_Bounty_ROADMAP
  Start
- 107_NCIIPC_Govt_of_Inida_ROADMAP
  Start
- 108_RVDP_All_Websites_ROADMAP
  Start
Bug Bounty Reporting Templates
1 Lesson
- Reporting Templates
  Start
Exploitation of CVE 2020-5902 Remote Code Execution
3 Lessons
- Exploitation
  Start
- Assets & Resources
  Start
- Final Words
  Start
Exploitation of CVE 2020-3452 File Read
1 Lesson
- Exploitation of CVE 2020-3452 File Read
  Start
Exploitation of CVE 2020-3187 File Delete
1 Lesson
- Exploitation of CVE 2020-3187 File Delete
  Start

Web Application Pentesting & Bug Bounty Hunting

Overview
Welcome to Ethical Hacking / Penetration Testing and Bug Bounty Hunting Course. This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them. This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This contains maximum live websites to make you comfortable with the Live Hunting Environment.

This course will start from basic principles of each vulnerability and How to attack them using multiple bypass techniques, In addition to exploitation, you will also learn how to fix them. This course is highly practical and is made on Live websites to give you the exact environment when you start your penetrating testing or bug hunting journey.

We will start from the basics of OWASP to the exploitation of vulnerabilities leading to Account Takeover on live websites. This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner. After identification of a vulnerability, we will exploit to leverage the maximum severity out of it. We will also learn how to fix vulnerabilities which are commonly found on the websites on the internet.

In this course, you will also learn How can you start your journey on many famous bug hunting platforms like Bugcrowd, Hackerone and Open Bug Bounty.
Along with this, you will be able to hunt and report vulnerabilities to NCIIPC Government of India, also to private companies and to their responsible disclosure programs. You will also learn Advance techniques to bypass filters and the developers logic for each kind of vulnerability. I have also shared personal tips and tricks for each attacks where you can trick the application and find bugs quickly.

This course also includes the Breakdown of all Hackerone Reports which are found and submitted by other hackers for better understanding as we will cover each type of technique in the course. This course also includes important interview questions and answers which will be helpful in any penetrating testing job interview.

You will also get additional BONUS sessions, in which we are going to share our personal approach for hunting bugs. All the videos are recorded on Live websites so that you understand the concepts as well as you get comfortable to work on a live environment. I have also added Interview Questions and answers for each attack which will be helpful for those are preparing for Job Interviews and Internships in the field of Information Security.

With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.

Rohit Gautam

I am Rohit Gautam the CEO & Founder of Hacktify Cyber Security

I am into Cyber Security Training for many years. Students have loved my courses and given 5 ★ Ratings and made Bestseller.

My students have been in the Top 15 Cyber Security Researchers of India twice in a Row.

Apart from training's, I'm a security researcher with special interest in network exploitation and web application security analysis and Red Teaming

I have worked for all the topmost banks of India in their VAPT Team.

I have worked with ICICI, Kotak, IDFC bank I have also experience working with NSDL and some financial organizations like Edelweiss

I have worked on many private projects with NTRO & Govt of India.

I was acknowledged with Swag, Hall of Fame, Letter Of Appreciation, and Monetary rewards by Google, Apple, Facebook, Conclusion, Seek, Trip Advisor, Riddlr, Hakon, Acorns, Faasos, and many more companies for finding out vulnerabilities in their organization and responsibly reporting it.

Shifa Cyclewala

Hello,
I am Shifa Cyclewala the Founder of Hacktify Cyber Security

I am into Cyber Security Training for many years. Students have loved our courses and given 5 ★ Ratings and made Bestseller across Mumbai

My students have been in the Top 15 Cyber Security Researchers of India twice in a Row.

Apart from training's, I'm a Security researcher and a Mobile Application Developer.

I have worked for all the topmost international schools of India as a technical Instructor.

I have worked with Software development Companies into their development team ZingHR was the last organization i worked with.

I am Working towards development of Women in Cybersecurity and

• Presented Cyber security awareness sessions in many colleges across Mumbai

• Speaker at VULNCON 2020

• Trained more than 1000+ individuals in Cyber Security

• Conducted more than 50 workshops pan India

• Invited as Keynote speaker at Rohidas Management Studies, A.E Khalsekar College, DY Patil College, Shah and Anchor Engineering College, KJ Somaiya etc..

• Invited as a Key Speaker at Women in Cyber Security (WCS) and Infosec Girls.