- Introduction (3 lectures)
  - Course Introduction (Lecture 1.1, 03 min)
  - Introduction to Bug Hunting (Lecture 1.2)
  - What is a Website? (Lecture 1.3, 05 min)
- Information Disclosure Vulnerabilities (8 lectures)
  - Introduction to Information Disclosure Vulnerabilities (Lecture 2.1)
  - Discovering Database Login Credentials (Lecture 2.2, 09 min)
  - Discovering Endpoints & Sensitive Data (Lecture 2.3, 08 min)
  - Introduction to HTTP Status Codes (Lecture 2.4, 08 min)
  - Employing the Hacker / Bug Hunter Mentality to Discover Admin Login Information (Lecture 2.5, 08 min)
  - Manipulating Application Behaviour Through the HTTP GET Method (Lecture 2.6, 06 min)
  - Manipulating Application Behaviour Through the HTTP POST Method (Lecture 2.7, 07 min)
  - Intercepting Requests With Burp Proxy (Lecture 2.8, 10 min)
- Broken Access Control Vulnerabilities (6 lectures)
  - Introduction to Broken Access Control Vulnerabilities (Lecture 3.1)
  - Cookie Manipulation (Lecture 3.2)
  - Accessing Private User Data (Lecture 3.3, 07 min)
  - Discovering IDOR Vulnerabilities (Insecure Direct Object Reference) (Lecture 3.4, 09 min)
  - Privilege Escalation with Burp Repeater (Lecture 3.5, 10 min)
  - Debugging Flows with HTTP TRACE & Gaining Admin Access! (Lecture 3.6, 08 min)
- Path / Directory Traversal (7 lectures)
  - Introduction to Path Traversal Vulnerabilities & Basic Discovery (Lecture 4.1, 09 min)
  - Bypassing Absolute Path Restriction (Lecture 4.2, 05 min)
  - Bypassing Hard-coded Extensions (Lecture 4.3, 04 min)
  - Bypassing Filtering (Lecture 4.4, 04 min)
  - Bypassing Hard-coded Paths (Lecture 4.5, 04 min)
  - Bypassing Advanced Filtering (Lecture 4.6, 06 min)
  - Bypassing Extreme Filtering (Lecture 4.7, 09 min)
- CSRF - Cross-Site Request Forgery (1 lecture)
  - Discovering & Exploiting CSRF Vulnerabilities (Lecture 5.1, 09 min)
- OAUTH 2.0 Vulnerabilities (4 lectures)
  - Introduction to OAUTH 2.0 (Lecture 6.1)
  - OAUTH 2.0 Basic Exploitation (Lecture 6.2, 10 min)
  - Exploiting a Linking OAUTH 2.0 Flow Through CSRF (Lecture 6.3, 12 min)
  - Exploiting a Login OAUTH 2.0 Flow Through CSRF (Lecture 6.4, 13 min)
- Injection Vulnerabilities (1 lecture)
  - Introduction to Injection Vulnerabilities (Lecture 7.1)
- OS Command Injection (4 lectures)
  - Discovering a Basic Command Injection Vulnerability (Lecture 8.1, 08 min)
  - Discovering Blind Command Injection Vulnerabilities (Lecture 8.2, 09 min)
  - Discovering Asynchronous Blind Command Injection Vulnerabilities (Lecture 8.3, 08 min)
  - Using Burp Collaborator to Exploit Asynchronous Blind Command Injection (Lecture 8.4, 05 min)
- XSS - Cross Site Scripting (3 lectures)
  - Introduction to XSS Vulnerabilities & Its Types (Lecture 9.1, 04 min)
  - Discovering a HTML Injection Vulnerability (Lecture 9.2, 05 min)
  - Discovering Reflected & Stored XSS Vulnerabilities (Lecture 9.3, 05 min)
- DOM XSS Vulnerabilities (6 lectures)
  - Introduction to DOM XSS Vulnerabilities (Lecture 10.1, 05 min)
  - Discovering a Reflected DOM XSS in a Link (Lecture 10.2, 06 min)
  - Discovering a Reflected XSS in an Image Tag! (Lecture 10.3, 06 min)
  - Injecting Javascript Directly in a Page Script (Lecture 10.4, 06 min)
  - Discovering XSS in a Drop-down Menu (Lecture 10.5, 04 min)
  - Discovering XSS in AngularJS Application (Lecture 10.6, 04 min)
- XSS - Bypassing Security (5 lectures)
  - Bypassing Basic Filtering (Lecture 11.1, 06 min)
  - Bypassing Single-Quotes Filtering (Lecture 11.2)
  - Bypassing Advanced Filtering (Lecture 11.3, 10 min)
  - Bypassing Server-Side Filtering (Lecture 11.4, 07 min)
  - Bypassing Extreme Filtering with Burp Intruder (Lecture 11.5, 09 min)
- Bypassing Content Security Policy (CSP) (2 lectures)
  - Analysing the Target Application (Lecture 12.1, 06 min)
  - Discovering an XSS in a CSP Enabled Application (Lecture 12.2, 08 min)
- SQL Injection Vulnerabilities (5 lectures)
  - Introduction to SQL Injection Vulnerabilities (Lecture 13.1, 07 min)
  - Discovering SQL Injections (Lecture 13.2, 07 min)
  - Bypassing Admin Login Using Logical Operators (Lecture 13.3, 05 min)
  - Selecting Data From the Database (Lecture 13.4, 08 min)
  - Accessing The Database Admin Records (Lecture 13.5, 07 min)
- Blind SQL Injections (4 lectures)
  - Discovering Blind SQL Injections (Lecture 14.1, 06 min)
  - Enumerating Table & Column Names (Lecture 14.2, 10 min)
  - Recovering Administrator Password With Burp Intruder (Lecture 14.3, 08 min)
  - Using the Cluster-Bomb Attack to Recover Passwords (Lecture 14.4, 08 min)
- Time-Based Blind SQL Injection (3 lectures)
  - Discovering Time-Based Blind SQLi (Lecture 15.1, 08 min)
  - Extracting Data From the Database Using a Time-Based Blind SQLi (Lecture 15.2, 11 min)
  - Getting The Admin Password Using a Time-Based Blind SQLi (Lecture 15.3)
- SSRF (Server-Side Request Forgery) (4 lectures)
  - Introduction to SSRF Vulnerabilities (Lecture 16.1)
  - Theory Behind SSRF Vulnerabilities & Their Impact (Lecture 16.2, 07 min)
  - Discovering a Basic SSRF Vulnerability (Lecture 16.3, 05 min)
  - Accessing Private (Admin) Resources Using an SSRF Vulnerability (Lecture 16.4, 06 min)
- SSRF - Advanced Exploitation (2 lectures)
  - Advanced SSRF Discovery (Lecture 17.1, 06 min)
  - Scanning & Mapping Internal Network & Services (Lecture 17.2, 08 min)
- SSRF - Bypassing Security (3 lectures)
  - Bypassing Blacklists (Lecture 18.1, 08 min)
  - Bypassing Whitelists (Lecture 18.2, 10 min)
  - Chaining Open Redirection with SSRF to Bypass Restrictive Filters (Lecture 18.3, 07 min)
- Blind SSRF Vulnerabilities (4 lectures)
  - Introduction to Blind SSRF Vulnerabilities (Lecture 19.1)
  - Discovering Blind SSRF Vulnerabilities (Lecture 19.2, 06 min)
  - Exploiting Blind SSRF Vulnerabilities (Lecture 19.3, 08 min)
  - Escalating Blind SSRF to a Remote Code Execution (RCE) (Lecture 19.4, 08 min)
- XXE (XML External Entity) Injection (4 lectures)
  - Introduction to XXE Injection Vulnerabilities (Lecture 20.1)
  - What is XML? (Lecture 20.2, 03 min)
  - Exploiting a Basic XXE Injection (Lecture 20.3, 09 min)
  - Discovering an SSRF Through a Blind XXE (Lecture 20.4, 07 min)
- 2 Hour Live Bug Hunting! (14 lectures)
  - 2 Hour Live Bug Hunt Introduction (Lecture 21.1)
  - Overview of the Target (Lecture 21.2, 09 min)
  - Discovering an Open Redirect Vulnerability (Lecture 21.3, 07 min)
  - Discovering an XSS in the Response (Lecture 21.4, 09 min)
  - Discovering an XSS in a HTML Comment (Lecture 21.5, 09 min)
  - Discovering an XSS in a Date Picker (Lecture 21.6, 06 min)
  - Broken Access Control in Booking Page (Lecture 21.7, 06 min)
  - Analysing Application Files & Finding Sensitive Data (Lecture 21.8, 12 min)
  - Discovering Endpoints Hidden In Code (Lecture 21.9, 04 min)
  - Discovering an IDOR – Insecure Direct Object Reference (Lecture 21.10, 04 min)
  - Discovering Hidden Endpoints Using Regex (Lecture 21.11, 09 min)
  - Discovering a Complex Stored XSS (Lecture 21.12, 11 min)
  - Discovering Bugs in Hidden Elements (Lecture 21.13, 08 min)
  - Discovering Bugs in Hidden Parameters (Lecture 21.14, 07 min)
- Participating in Bug Bounty Programs (3 lectures)
  - Hacker1 Overview (Lecture 22.1, 10 min)
  - Bug-Bounty Overview (Lecture 22.2, 06 min)
  - Submitting a Bug Report (Lecture 22.3, 08 min)
- Bonus Section (1 lecture)
  - Bonus Lecture – Want to learn more? (Lecture 23.1, 03 min)
Introduction to OAUTH 2.0
This lecture introduces OAUTH 2.0: how it works and what it is used for.
This knowledge is very important for testing the security of social logins.
