Bug Bounty 1.0

A course designed with OWASP Top 10 vulnerabilities including practical demonstrations on real-time web applications will guide you the fastest way to get started in Bug Bounty, that will make you earn while you learn.


Course Type



Training Mode 

Recorded Series


10 HRS (Approx.)


Course Overview


Bug Bounty 1.0 is designed for learning OWASP Top 10 Web Application Vulnerabilities with practical demonstrations on real-time web applications. Majority of the tech companies’ setup their responsible disclosure policy or bug bounty program for their web applications first, as it can easily be tested by anyone remotely.

This course is a bundled with 25 video lectures covering 20+ vulnerabilities that falls in OWASP Top 10 with explanation of real-time security impact, recommendation etc. We have also shared 1 hour dedicated video on “Bug Bounty Roadmap” explaining ins and outs of the Bug Bounty World from scratch. Additionally, professional bug bounty report (VAPT Report) writing is covered in the video which makes this bundle super worthy for beginners in Bug Bounty & Web Application Security.

Salient Features

Exciting Bonus


  • Python
  • Java Runtime Environment
  • SQLMap
  • Burp Suite
  • What is Website?
  • What is Web Application?
  • Website Vs. Web Application
  • Categories of Websites/Web Applications
  • Technologies used in Websites/Web Applications
  • Brief Understanding on Database
  • Brief Understanding on OWASP & OWASP Top Web Application Security Risks
  • Information Gathering Using WHOIS
  • Extract Website Using Tools
  • Technology Information Gathering
  • What is Burp Suite?
  • Working of Burp Suite
  • Burp Suite Walkthrough
  • What are Google Dorks?
  • List of Key Google Dorks
  • Working of Google Dorks
  • Introduction to SQL Injection
  • MySQL Injection (Integer Based)
  • MySQL Injection (String Based)
  • Automating SQL Injection using sqlmap
  • Real-time Recorded Demonstration on SQL Injection
  • Attacking the Doors
  • Understanding and Identifying Session Management
  • Introduction to HTML
  • Introduction to JavaScript
  • Introduction to XSS
  • Working of XSS
  • Types of XSS
  • Real-time Recorded Demonstration of XSS
  • Finding XSS Using Google Dorks
  • Impact of XSS
  • Cookie Grabbing Using XSS
  • Preventive Measures for XSS
  • What is Insecure Direct Object Reference?
  • Identifying Insecure Direct Object Reference
  • Types of Insecure Direct Object Reference
  • Live Demonstration on Real Website
  • Exploiting Insecure Direct Object Reference
  • Impact of Insecure Direct Object Reference
  • Preventing Insecure Direct Object Reference
  • Sometimes, Robots are dumb!
  • Abusing XML Parser using LOL Attack
  • Abusing Unzipping Feature on Server
  • Man in the Middle Attack
  • Directory Leaks
  • Surface Web Intelligence
  • Credential Sniffing on Air
  • Directory Traversal
  • Local File Inclusion
  • Host Header Attack
  • Abusing Basic User to leverage Pro User benefits
  • What is Cross Site Request Forgery?
  • Identifying Cross Site Request Forgery
  • Types of Cross Site Request Forgery
  • Demonstration on Real Website
  • Exploiting Cross Site Request Forgery
  • Impact of Cross Site Request Forgery
  • Identifying the components
  • Detecting the vulnerabilities
  • Exploiting the vulnerabilities
  • Impact of this vulnerability
  • Preventing this vulnerability
  • Understanding how redirect works
  • Identifying the potential parameters
  • Exploiting the redirects and forwards
  • Impact of this vulnerability
  • Preventing this vulnerability
  • Bug Bounty Platforms
  • Open Bug Bounty Platforms
  • Closed Bug Bounty Platforms
  • Public Bug Bounty Platforms
  • Private Bug Bounty Platforms
  • Understanding Penetration Testing and Disclosure Policy
  • Interpretation of Disclosure Policy
  • Bug Hunting with Learned Techniques
  • Drafting a Professional Bug Bounty Report
  • Anatomy of a Bug Bounty Report
  • DOs & DONTs in a Bug Bounty Report
  • ‘HOW TO’ for each section of the report
  • Submission of a Bug Report to the Company
  • Course Complication Certificate