0% found this document useful (0 votes)

562 views7 pages

Levelup0X Bug Bounty Hunting Training PDF

The document outlines the syllabus for a Levelup0X Bug Bounty Hunting Training course which will provide both basic and intermediate practical training on finding vulnerabilities in live modern web applications covering over 200 bugs and vulnerabilities using methodology from Bugcrowd VRT, SANS Top 25 errors, OWASP CWE and CAPEC. Students will learn tools like Burp Suite and methodology for starting a freelance career in security research and bug bounty hunting.

Uploaded by

Mohamed said

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

562 views7 pages

Levelup0X Bug Bounty Hunting Training PDF

Uploaded by

Mohamed said

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

Bug Bounty Hunting |

WebApp Pentest
Training
Live Websites Practice

Syllabus: Levelup0X Bug Bounty Hunting Training
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requisite: Basic Knowledge of WebApp and Vulnerability

Level: Basic -> Intermediate

Training Level: Each Bugs we will Practically demonstrate you on Live Modern WebApp not
on dummy WebApps

Why you Join us :

01. 100% #Practical on #Live Secure | Unsecure web applications
02. Covered 200+ Bugs & Vulnerabilities with two-time practicals
03. Real-time Challenges with every Training Modules
04. Customized Training also provide for InfoSec Employer
05. We cover CVE+CWE+CAPEC+SANS 25 Software Errors

Reconnaissance & Source Code Analysis

● Dynamic Analysis of Web Application Source Code

● Dynamic Analysis of Complete JavaScript Source
● Enumeration of Publicly Accessible Cloud Storage
● Common Crawling & Sensitive Directory Enumeration
● Manual & Automated Subdomain Analysis | Discovery
● Identifying & Testing for Subdomain Takeover Issues

Testing for Authentication Issues

● Improper Authorization
● Improper Authentication
● Weak Login Function Issues
● Bypass Single factor Authentication
● Bypass Two factor (2FA) Authentication
● Execution with Unnecessary Privileges
● Insecure Direct Object Reference (IDOR)
● Account Takeover related Logical Issues
● Exploiting Forgot Password Functionality
● Bypass Authentication on Critical Functions
● Session Expiration & Session Fixation Issue
● OAuth Redirect_URI Issues (Token Hijacking)
● User Impersonation vulnerability | Exploitation
● Authorization Bypass Through User-Controlled Key
● OAuth Permission Models Issues (Account Takeover)
● Improper Permission Assignment for Critical Resource

Testing for Web Application Encryptions

● Missing Required Cryptographic Step

● Cleartext Transmission of Session Token
● Exploitaing Encrypted Cookies | Sessions
● Cleartext Storage of Sensitive Information
● Exploiting Encrypted Password Reset Tokens
● Exploiting Encrypted Coupon Codes from Source
● Use of a Broken or Risky Cryptographic Algorithm

Testing for Arbitrary Injections

● CSV Injection
● CSS Injections
● CRLF Injections
● Iframe Injection
● Cookie Injections
● LDAP Query Injections
● Host Header Injections
● Apache Struts Vulnerability
● Remote Code Executions (RCE)
● XML External Entity Injection
● HTML5 Security & HTML Injections
● Argument Injection or Modification
● XPath Injection & Data Query Logic
● Server Side Template Injections (SSTI)

Testing for Sensitive Data Exposure

● Password Disclosure
● Full Path Disclosure
● Sensitive Token in URL
● Internal IP Disclosure
● Token Leakage via Referer
● Directory Listing Enabled
● Default Credentials Issues
● Disclosure Private API Keys
● Default/Config Files Testing
● Detailed Server Configuration
● Exposed Internal Admin Portal
● Disclosure Private Git Repository
● Mixed Content (HTTPS Sourcing HTTP)
● User Enumeration (Sensitive Data Leaks)
● DBMS Misconfiguration Excessively Privileged User
● EXIF Geolocation Data Not Stripped From Uploaded Images

Testing for Traditional Security Issues

● Directory Traversal Attacks

● Remote File Inclusion Vulnerability
● Cross-Site Request Forgery (CSRF) Attacks
● Server-Side Request Forgery (SSRF) Attacks
● Cross-Origin Resource Sharing (CORS) Attacks
● SSL Attack (BREACH, POODLE, HEARTBLEED)
● Unrestricted File Upload with Dangerous Type
● URL Redirection to Untrusted Site (Open Redirect)

Testing for Dos / Buffer Overflow Issues

● XML-RPC Pingback DoS Attack

● Incorrect Calculation of Buffer Size
● XML External Entity (DTD) DoS attacks
● Buffer Copy without Checking Size of Input

Testing for Common Issues

● Captcha Bypass Attacks

● DNS Zone Transfer Issues
● Clickjacking (UI Readdressing)
● Deserialization of Untrusted Data
● Missing Authentication for Critical Function
● Parameter Pollution in Social Sharing Buttons

Testing for Low Priority issues

● JSON Hijacking
● No Password Policy
● Same-Site Scripting Issues
● Lack of Notification Email
● Lack of Verification Email
● Mail Server Misconfiguration
● Reflected File Download (RFD)
● Weak Registration Implementation
● Missing Secure or HTTPOnly Cookie Flag
● No Rate Limiting on Login | Registration
● No Rate Limiting on SMS | Email-Triggering
● Race Conditions Enabled on Applications Functions

Vulnerability Analysis Tools

● API Testing with Telerik Fiddler

● Bug Hunting | Behaviour Analysis with Burpsuite

Penetration Testing Methodology & Standard we covered

● Bugcrowd Vulnerability Rating Taxonomy (VRT)

● SANS Top 25 Most Dangerous Applications Errors
● Owasp CWE : Vulnerabilities in Modern Web Applications
● Common Attack Pattern Enumeration and Classification (CAPEC)

Start your own Freelance Career and How to take Projects from
Companies | Online Sources

● We will guide you how to take IT Security Govt Projects

● We will guide you how to take Online Freelance Projects
● We will guide you how to work in Companies as Freelancer
● We will guide you how to take Projects from Corporate Companies

Broken Access Control
No ratings yet
Broken Access Control
3 pages
Ethical Hacking Course From KYAnonymous
No ratings yet
Ethical Hacking Course From KYAnonymous
135 pages
En37ser 1
100% (2)
En37ser 1
994 pages
R33640G1 Eng
No ratings yet
R33640G1 Eng
2 pages
SQL Injection
No ratings yet
SQL Injection
41 pages
CORGIBUCKS Statement of Work
No ratings yet
CORGIBUCKS Statement of Work
7 pages
Docs - Ninjutsu OS
No ratings yet
Docs - Ninjutsu OS
78 pages
DIS10.1 Ethical Hacking and Countermeasures
No ratings yet
DIS10.1 Ethical Hacking and Countermeasures
14 pages
Essay Negative Effects of Social Media
No ratings yet
Essay Negative Effects of Social Media
3 pages
Android Bug Bounty Training For InfoSec Startups PDF
No ratings yet
Android Bug Bounty Training For InfoSec Startups PDF
8 pages
Building Telephony Systems with OpenSER
From Everand
Building Telephony Systems with OpenSER
Goncalves Flavio E.
No ratings yet
Kali Linux Penetration Testing Ethical Hacking
No ratings yet
Kali Linux Penetration Testing Ethical Hacking
14 pages
Ultimate Penetration Testing with Nmap: Master Cybersecurity Assessments for Network Security, Monitoring, and Scanning Using Nmap (English Edition)
From Everand
Ultimate Penetration Testing with Nmap: Master Cybersecurity Assessments for Network Security, Monitoring, and Scanning Using Nmap (English Edition)
Travis DeForge
No ratings yet
Build Your Own Mobile App Using Ionic and Drupal 8
No ratings yet
Build Your Own Mobile App Using Ionic and Drupal 8
9 pages
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
Syllabus MASPTv2 PDF
No ratings yet
Syllabus MASPTv2 PDF
20 pages
Penetration Testing Web Application - Web Application (In) Security
No ratings yet
Penetration Testing Web Application - Web Application (In) Security
2 pages
Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce
From Everand
Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce
Jane LeClair
No ratings yet
Web 200 Syllabus
No ratings yet
Web 200 Syllabus
11 pages
Internetworking Technology Handbook
No ratings yet
Internetworking Technology Handbook
8 pages
Bug Bounty Hunting - Complete Guide To An Innovative Earning Process
No ratings yet
Bug Bounty Hunting - Complete Guide To An Innovative Earning Process
4 pages
Blue Walkthrough Hack The Box
No ratings yet
Blue Walkthrough Hack The Box
15 pages
Researching Network Attacks and Security Audit Tools
95% (22)
Researching Network Attacks and Security Audit Tools
15 pages
07-Flash Security
No ratings yet
07-Flash Security
3 pages
Trackpad Ver. 2.0 Class 4
From Everand
Trackpad Ver. 2.0 Class 4
Nidhi Arora
No ratings yet
XSS Payloads
No ratings yet
XSS Payloads
21 pages
© 2018 Caendra Inc. - Hera For Waptv3 - SQL Injection
No ratings yet
© 2018 Caendra Inc. - Hera For Waptv3 - SQL Injection
41 pages
Frida Tutorial 2 - HackTricks
No ratings yet
Frida Tutorial 2 - HackTricks
7 pages
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Introduction To Web-Application Penetration Testing
No ratings yet
Introduction To Web-Application Penetration Testing
27 pages
The-Web-Application-Hackers JRN English 1113 1
No ratings yet
The-Web-Application-Hackers JRN English 1113 1
1 page
Iintroduction To Penetration Testing
No ratings yet
Iintroduction To Penetration Testing
56 pages
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
From Everand
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
Dr. Hidaia Mahmood Alassoulii
No ratings yet
Web Application Security Adithyan AK
No ratings yet
Web Application Security Adithyan AK
64 pages
Bookmark List
No ratings yet
Bookmark List
3 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
Mobile and Wireless Communication Syste
No ratings yet
Mobile and Wireless Communication Syste
5 pages
What Is Bug Bounty Hunting
100% (1)
What Is Bug Bounty Hunting
36 pages
Cybersecurity
No ratings yet
Cybersecurity
10 pages
MASPT at A Glance
No ratings yet
MASPT at A Glance
14 pages
Wireshark Slides PDF
No ratings yet
Wireshark Slides PDF
11 pages
Penetration Testing Learning Kit
No ratings yet
Penetration Testing Learning Kit
51 pages
Internet and Web Technology B.E. 6th Sem I.T.
No ratings yet
Internet and Web Technology B.E. 6th Sem I.T.
203 pages
Reflected Cross Site Scripting (XSS) Attacks
No ratings yet
Reflected Cross Site Scripting (XSS) Attacks
4 pages
MobileAppTracking Android SDK
No ratings yet
MobileAppTracking Android SDK
18 pages
BWAPP Training
100% (1)
BWAPP Training
30 pages
IT Data Security: Assignment-1
No ratings yet
IT Data Security: Assignment-1
12 pages
Owasp Top 10
No ratings yet
Owasp Top 10
41 pages
Business Profile
No ratings yet
Business Profile
5 pages
Kyrion Ethical Hacking Workshop Handouts
100% (1)
Kyrion Ethical Hacking Workshop Handouts
43 pages
Altoro PDF
No ratings yet
Altoro PDF
101 pages
Kali Linux Web Penetration Testing Cookbook Sample Chapter PDF
100% (1)
Kali Linux Web Penetration Testing Cookbook Sample Chapter PDF
31 pages
Complete Cross Site Scripting Walkthrough
No ratings yet
Complete Cross Site Scripting Walkthrough
23 pages
4G, 5G and Its Beyond Technology 6G
57% (7)
4G, 5G and Its Beyond Technology 6G
33 pages
Basic Pentest Training
No ratings yet
Basic Pentest Training
67 pages
Blockchain Pentesting
No ratings yet
Blockchain Pentesting
3 pages
Set 19 (Q541 To Q570) - CEH v11
No ratings yet
Set 19 (Q541 To Q570) - CEH v11
8 pages
Network Vulnerability Scanning: By:-Prachee Ratnaparkhi Msc-Ii, Roll - No. 17
No ratings yet
Network Vulnerability Scanning: By:-Prachee Ratnaparkhi Msc-Ii, Roll - No. 17
14 pages
Courseware Sample
No ratings yet
Courseware Sample
8 pages
Web Application Penetration Testing Course URLs
No ratings yet
Web Application Penetration Testing Course URLs
10 pages
Burp Suite Cheat Sheet by Codelivly
No ratings yet
Burp Suite Cheat Sheet by Codelivly
5 pages
SDN - Software Defined Networking
No ratings yet
SDN - Software Defined Networking
22 pages
Practical Malware Prevention
From Everand
Practical Malware Prevention
Michael Kelley
No ratings yet
U4-Introduction To Wearable Devices
No ratings yet
U4-Introduction To Wearable Devices
116 pages
02 - Case Study - The Impact of The Internet of Things in Supply Chain 4.0-2
No ratings yet
02 - Case Study - The Impact of The Internet of Things in Supply Chain 4.0-2
16 pages
Esco Cable Shovel Specifications
No ratings yet
Esco Cable Shovel Specifications
72 pages
Instalacion V2Track - Boletin Bi 25/17 Rev.0 - Ec-Gpf: EMC Source/Victim Matrix
No ratings yet
Instalacion V2Track - Boletin Bi 25/17 Rev.0 - Ec-Gpf: EMC Source/Victim Matrix
1 page
Transcriberguide
No ratings yet
Transcriberguide
16 pages
Word 2016 - Smart Art Graphics Worksheet
No ratings yet
Word 2016 - Smart Art Graphics Worksheet
2 pages
Technical Specification
No ratings yet
Technical Specification
2 pages
Type of Wagons
No ratings yet
Type of Wagons
24 pages
Lean, Agile or Leagile Matching Your Supply Chain To The Ma
No ratings yet
Lean, Agile or Leagile Matching Your Supply Chain To The Ma
10 pages
First Boot Log
No ratings yet
First Boot Log
2 pages
Fdez. Jove - Valvula 3 Vías - (SFERACO)
No ratings yet
Fdez. Jove - Valvula 3 Vías - (SFERACO)
12 pages
Design Journeys Through Complex Systems Tools Posters
100% (1)
Design Journeys Through Complex Systems Tools Posters
41 pages
13.2.3.7 Lab - Bitlocker and Bitlocker To Go Ety
0% (1)
13.2.3.7 Lab - Bitlocker and Bitlocker To Go Ety
3 pages
Kurzweil Pc3k8
No ratings yet
Kurzweil Pc3k8
425 pages
KC 60227-1
No ratings yet
KC 60227-1
24 pages
Statemnet
No ratings yet
Statemnet
2 pages
Tectonic BMRWhitePaper Rev2.0 2019-1
No ratings yet
Tectonic BMRWhitePaper Rev2.0 2019-1
15 pages
Lm-80 Test Report: Everlight Electronics Co., LTD
No ratings yet
Lm-80 Test Report: Everlight Electronics Co., LTD
13 pages
GPIL SOP For Operation
No ratings yet
GPIL SOP For Operation
5 pages
Liebherr Crane LTM 1220-5.2
100% (2)
Liebherr Crane LTM 1220-5.2
18 pages
102 Evolution of Computers
No ratings yet
102 Evolution of Computers
74 pages
Instruction Manual (Window Wiper)
No ratings yet
Instruction Manual (Window Wiper)
15 pages
Walker PaulVirilioGeorges 2001
No ratings yet
Walker PaulVirilioGeorges 2001
5 pages
Hardware Implementation of OTFS Modulation Using CORDIC Algorithm
No ratings yet
Hardware Implementation of OTFS Modulation Using CORDIC Algorithm
5 pages
Recovery Boilers With High Reliability and High Power Generation
No ratings yet
Recovery Boilers With High Reliability and High Power Generation
2 pages
Network Management (1,2,3)
No ratings yet
Network Management (1,2,3)
39 pages
LGE2301
No ratings yet
LGE2301
5 pages

Levelup0X Bug Bounty Hunting Training PDF

Uploaded by

Levelup0X Bug Bounty Hunting Training PDF

Uploaded by

B​ug Bounty Hunting |

Level: Basic -> Intermediate

Why you Join us :

Reconnaissance & Source Code Analysis

● Dynamic Analysis of Web Application Source Code

Testing for Authentication Issues

Testing for Web Application Encryptions

● Missing Required Cryptographic Step

Testing for Arbitrary Injections

Testing for Sensitive Data Exposure

Testing for Traditional Security Issues

● Directory Traversal Attacks

Testing for Dos / Buffer Overflow Issues

● XML-RPC Pingback DoS Attack

Testing for Common Issues

● Captcha Bypass Attacks

Testing for Low Priority issues

Vulnerability Analysis Tools

● API Testing with Telerik Fiddler

Penetration Testing Methodology & Standard we covered

● Bugcrowd Vulnerability Rating Taxonomy (VRT)

● We will guide you how to take IT Security Govt Projects

You might also like

Bug Bounty Hunting |