Web Security & Bug Bounty: Learn Penetration Testing
Introduction To Bug Bounty
Web Security & Bug Bounty (1:42)
Course Outline (6:08)
Exercise: Meet Your Classmates and Instructor
What is Penetration Testing? (5:43)
What is a Bug Bounty? (6:35)
Course Resources + Guide
ZTM Plugin + Understanding Your Video Player
Set Your Learning Streak Goal
Our Virtual Lab Setup
Virtual Box, Kali Linux Download (11:09)
Important - New Kali Linux Categories (1:26)
Kali Linux Installation (12:14)
OWASPBWA Installation (8:35)
Creating TryHackMe Account (2:47)
2 Paths (2:05)
Let's Have Some Fun (+ Free Resources)
Website Enumeration & Information Gathering
Website Enumeration - Theory (4:59)
Google Dorks (11:28)
Ping, Host, Nslookup ... (7:21)
Whatweb (8:52)
Dirb (6:20)
Nmap (11:27)
Nikto (6:32)
Unlimited Updates
Introduction To Burpsuite
Burpsuite Configuration (7:47)
Burpsuite Intercept (7:27)
Burpsuite Repeater (7:48)
Burpsuite Intruder (9:20)
Course Check-In
HTML Injection
HTML Injection - Theory (3:24)
HTML Injection 1 on TryHackMe (9:01)
HTML Injection 2 - Injecting User-Agent Header (3:49)
Injecting Cookie Field and Redirecting The Page (5:23)
Advanced Example of HTML Injection (13:18)
Implement a New Life System
Command Injection/Execution
Command Injection Theory (4:14)
Command Injection On TryHackMe and Blind Command Injection (9:55)
Solving Challenges With Command Injection (9:30)
Running PHP Reverse Shell With Command Execution Vulnerability (7:26)
Bypassing Input Filter And Executing Command (7:24)
Broken Authentication
Broken Authentication Theory (4:23)
Broken Authentication On TryHackMe (6:00)
Broken Authentication Via Cookie (4:30)
Basic Authorization in HTTP Request (6:34)
Forgot Password Challenge (8:21)
Session Fixation Challenge (5:09)
Bruteforce Attacks
Cluster Bomb Bruteforce (6:38)
Hydra Bwapp Form Bruteforce (12:20)
Hydra Post Request Form Bruteforce (5:24)
Bonus - Hydra SSH Attack (4:14)
Sensitive Data Exposure
Sensitive Data Exposure Example (10:11)
Broken Access Control
Broken Access Control - Theory (6:27)
Accessing passwd With BAC (4:24)
Ticket Price IDOR (6:33)
Security Misconfiguration
Security Misconfiguration - Default App Credentials (4:41)
Exercise: Imposter Syndrome (2:55)
Cross Site Scripting - XSS
XSS Theory (6:12)
Changing Page Content With XSS (10:53)
Bypassing Simple Filter (3:48)
Downloading a File With XSS Vulnerability (9:05)
DOM XSS Password Generator (5:35)
JSON XSS (8:09)
Old Vulnerable Real Applications (4:11)
SQL Injection
SQL Injection Theory (4:00)
Guide To Exploiting SQL Injection (8:00)
Getting Entire Database (5:25)
Extracting Passwords From Database (19:43)
Bypassing Filter In SQL Query (6:06)
Blind SQL Injection (11:38)
XML, XPath Injection, XXE
XPath Injection (6:23)
XPath Injection 2 (3:57)
XXE (7:22)
Components With Known Vulnerabilities
Components With Known Vulnerabilities (10:06)
Insufficient Logging And Monitoring
Insufficient Logging And Monitoring Example (4:01)
Monetizing Bug Hunting
What's Next & How To Earn Money By Finding Vulnerabilities? (11:35)
Unique and Interesting Bugs Discovered
Bonus - Web Developer Fundamentals
Browsing the Web (6:00)
Breaking Google (2:59)
The Internet Backbone (5:29)
Traceroute (2:24)
HTML, CSS, Javascript (5:04)
Build Your First Website (7:48)
HTML Tags (8:39)
Your First CSS (13:42)
What Is Javascript? (5:33)
Your First Javascript (11:41)
Javascript On Our Webpage (9:05)
HTTP/HTTPS (19:58)
Introduction To Databases (10:54)
SQL: Create Table (5:15)
SQL: Insert Into + Select (4:33)
What is PHP? (5:16)
Bonus - Linux Terminal
Linux 1 - ls, cd, pwd, touch... (13:46)
Linux 2 - sudo, nano, clear ... (7:00)
Linux 3 - ifconfig, nslookup, host ... (7:34)
Bonus - Networking
Networking Cheatsheet
Where To Go From Here?
Thank You (1:13)
Review This Course!
Become An Alumni
Learning Guideline
ZTM Events Every Month
LinkedIn Endorsements
HTTP/HTTPS
This lecture is available exclusively for ZTM Academy members.