Web Security & Bug Bounty: Learn Penetration Testing
For more courses, resources and workshops, visit zerotomastery.io
Here are the resources we use in the course; you can use the links below for more information on each section:
Creating Virtual Lab:
• 1) Virtual Box - https://www.virtualbox.org/
• 2) Kali Linux - https://www.kali.org/
• 3) OWASPBWA - https://sourceforge.net/projects/owaspbwa/
• 4) TryHackMe Platform - https://tryhackme.com/
• 5) HackTheBox Platform (Optional) - https://www.hackthebox.eu/
Website Enumeration & Information Gathering
• 6) Google Dorking - https://www.exploit-db.com/google-hacking-database
• 7) WhatWeb - https://tools.kali.org/web-applications/whatweb
• 8) Dirb - https://tools.kali.org/web-applications/dirb
• 9) Nmap - https://nmap.org/
• 10) Nikto - https://tools.kali.org/information-gathering/nikto
Introduction To Burpsuite
• 11) Burpsuite - https://portswigger.net/burp
• 12) Burpsuite Usage - https://portswigger.net/burp/documentation/desktop/penetration-testing
HTML Injection
• 13) What is HTML Injection - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
Command Injection
• 14) What is Command Injection - https://owasp.org/www-community/attacks/Command_Injection
Broken Authentication
• 15) Broken Authentication - https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication
Bruteforce Attacks
• 16) Hydra - https://tools.kali.org/password-attacks/hydra
Broken Access Control
• 17) What is Broken Access Control - https://hdivsecurity.com/owasp-broken-access-control
Security Misconfiguration
• 18) Problem With Default Credentials - https://www.techrepublic.com/article/how-to-find-and-fix-vulnerable-default-credentials-on-your-network/
Cross Site Scripting - XSS
• 19) Useful XSS Cheatsheet - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
SQL Injection
• 20) Useful SQL Injection Cheatsheet - https://portswigger.net/web-security/sql-injection/cheat-sheet
XXE
• 21) What Is XXE? - https://portswigger.net/web-security/xxe
Components With Known Vulnerabilities
• 22) What is the danger of CWKV? - https://hdivsecurity.com/owasp-using-components-with-known-vulnerabilities
Logging & Monitoring
• 23) Why We Perform Logging & Monitoring - https://www.appdynamics.com/product/how-it-works/application-analytics/log-analytics/monitoring-vs-logging-best-practices
Bug Bounty/Penetration Testing Platforms
• 24) BugCrowd - https://www.bugcrowd.com/
• 25) HackerOne - https://www.hackerone.com/
• 26) SynAck - https://www.synack.com/
• 27) Intigriti - https://www.intigriti.com/