Course Curriculum
1. Course Introduction
Available in
days
days
after you enroll
2. OWASP Top 10
Available in
days
days
after you enroll
- 1. What is OWASP and Injection (9:55)
- 2. What is Broken Authentication (2:57)
- 3. What is Sensitive Data Exposure (5:33)
- 4. What is XML External Entities (2:43)
- 5. What is Broken Access Control (4:11)
- 6. What is Security Misconfiguration (2:24)
- 7. What is Cross Site Scripting (XSS) (3:52)
- 8. What is Insecure Deserialization (2:07)
- 9. What is Using Components with Known Vulnerabilities (2:11)
- 10. What is Insufficient Logging and Monitoring (3:03)
3. Burp Suite and Lab Setup
Available in
days
days
after you enroll
4. Authentication Bypass
Available in
days
days
after you enroll
- 1. Authentication Bypass Exploitation Live -1 (5:46)
- 2. Authentication Bypass Exploitation Live -2 (4:23)
- 3. Authentication Bypass Exploitation Live -3 (2:51)
- 4. Authentication Bypass Exploitation Live -4 (3:40)
- 5. Authentication Bypass Exploitation Live -5 (4:33)
- 6. Authentication Bypass Exploitation Captcha (2:48)
- 7. Authentication Bypass to Account Takeover Live -1 (5:35)
- 8. Authentication Bypass to Account Takeover Live -2 (3:52)
- 9. Authentication Bypass due to OTP Exposure Live -1 (4:10)
- 10. Authentication Bypass due to OTP Exposure Live -2 (3:14)
- 11. Authentication Bypass 2FA Bypass Live (3:40)
- 12. Authentication Bypass - Email Takeover Live (5:58)
- 13. Authentication Bypass Mitigations (1:58)
- 14. Authentication Bypass Interview Questions and Answers (4:16)
5. No Rate-Limit Attacks
Available in
days
days
after you enroll
- 1. No Rate-Limit leads to Account Takeover Live Type-1 (12:30)
- 2. NO RL Alternative Tools Introduction (1:57)
- 3. No Rate-Limit leads to Account Takeover Live Type -2 (9:53)
- 4. No Rate-Limit leads to Account Takeover Live Type -3 (5:34)
- 5. No Rate-Limit leads to Account Takeover Live Type -4 (5:15)
- 6. No Rate-Limit leads to Account Takeover Live Type -5 (5:26)
- 7. No Rate-Limit to Account Takeover Live - Type 6 (6:58)
- 8. No Rate-Limit to Account Takeover Live - Type 7 (6:10)
- 9. No Rate-Limit Instagram Report Breakdown (0:55)
- 10. No Rate-Limit Instagram Report Breakdown 2 (4:15)
- 11. No Rate Limit Bypass Report Breakdown (5:29)
- 12. No Rate Limit Bypass Report Breakdown 2 (5:21)
- 13. No Rate-Limit to Tool Fake IP Practical (4:02)
- 14. No Rate-Limit test on CloudFare (4:08)
- 15. No Rate-Limit Mitigations (2:03)
- 16. No Rate-Limit All Hackerone Reports Breakdown (5:15)
- 17. Burp Alternative OWASP ZAP Proxy for No RL (12:23)
6. Cross Site Scripting (XSS)
Available in
days
days
after you enroll
- 1. How XSS Works (6:15)
- 2. Reflected XSS on Live 1 (3:12)
- 3. Reflected XSS on Live 2 (1:36)
- 4. Reflected XSS on Live Manual Balancing (9:52)
- 5. Reflected XSS on Live 3 Balanced (3:40)
- 6. XSS on Limited Inputs Live 1 (3:20)
- 7. XSS on Limited Inputs Live 2 (2:51)
- 8. XSS in Request Headers - Live (3:47)
- 9. Reflected XSS Useragent and Caching (6:41)
- 10. Reflected XSS Email Validator Live (4:49)
- 11. Reflected XSS Protection Bypass Live 1 - Base64 (5:36)
- 12. Reflected XSS Protection Bypass Live -2 (5:18)
- 13. XSS using Spider (6:30)
- 14. XSS Bypass Right Click Disabled (4:16)
- 15. Blind XSS Exploitation (5:54)
- 16. Stored XSS Exploitation Live (9:19)
- 17. DOM XSS Name (6:11)
- 18. DOM XSS Redirect (2:20)
- 19. DOM XSS Index (2:50)
- 20. DOM XSS Automated Scanner (12:05)
- 21. XSS on Live by Adding Parameters (3:22)
- 22. XSS Mouse on Lab (2:54)
- 23. XSS Mouse Live (1:44)
- 24. XSS Mouse Events All Types (3:25)
- 25. XSS Polyglots Live (6:54)
- 26. XSS Polyglots Breakdown (2:17)
- 27. XSS Exploitation - URL Redirection (4:38)
- 28. XSS Exploitation - Phishing (4:05)
- 29. XSS Exploitation Cookie Stealer Lab (10:14)
- 30. XSS Exploitation Cookie Stealer Live (8:35)
- 31. XSS Exploitation File Upload Type -2 (3:08)
- 32. XSS Exploitation File Upload Type -3 (6:32)
- 33. XSS Exploitation File Upload Type- 1 (3:23)
- 34. XSS Mitigations (2:19)
- 35. XSS Bonus TIPS and TRICKS (5:13)
- 36. XSS Hackerone ALL Reports Breakdown (8:31)
- 37. XSS Interview Questions and Answers (7:46)
7. Cross Site Request Forgery (CSRF)
Available in
days
days
after you enroll
- 1. How CSRF Works (4:53)
- 2. CSRF Alternative Tools Introduction (2:17)
- 3. CSRF on LAB (2:54)
- 4. CSRF on LAB - 2 (9:09)
- 5. CSRF on Live -1 (1:30)
- 6. CSRF on Live -2 (10:12)
- 7. CSRF Password Change Lab (3:28)
- 8. CSRF Funds Transfer Lab (3:05)
- 9. CSRF Request Methods Trick - Lab (3:32)
- 10. CSRF to Account Takeover Live -1 (7:12)
- 11. CSRF to Account Takeover Live -2 (7:38)
- 12. Chaining CSRF with XSS (2:27)
- 13. CSRF Mitigations (3:26)
- 14. CSRF BONUS Tips and Tricks (2:11)
- 15. CSRF ALL Hackerone Reports Breakdown (13:17)
- 16. CSRF Interview Questions and Answers (6:06)
- 17. Alternative to Burpsuite for CSRF CSRF PoC Generator (13:01)
8. Cross Origin Resource Sharing (CORS)
Available in
days
days
after you enroll
- 1. How CORS Works (3:16)
- 2. CORS 3 Test Cases Fundamentals (8:51)
- 3. CORS Exploitation Live -2 Exfiltration of Account Details (2:31)
- 4. CORS Exploitation Live -3 Exfiltration of Account Details (4:59)
- 5. CORS Live Exploitation -4 (1:45)
- 6. CORS Exploitation Facebook Live (2:04)
- 7. CORS Live Prefix Match (4:00)
- 8. CORS Live Suffix Match (4:11)
- 9. CORS Mitigations (2:13)
- 10. CORS Breakdown of ALL Hackerone Reports (10:55)
9. How to start with Bug Bounty Platforms and Reporting
Available in
days
days
after you enroll
10. Exploitation of CVE 2020-5902 Remote Code Execution
Available in
days
days
after you enroll
11. Exploitation of CVE 2020-3452 File Read
Available in
days
days
after you enroll
12. Exploitation of CVE 2020-3187 File Delete
Available in
days
days
after you enroll