Intro to Bug Bounty Hunting and Web Application Hacking

In late February he released his Course “Intro to Bug Bounty Hunting and Web Application Hacking, your introductory course into practical bug bounty hunting” on Udemy.
I took the course and here are my impressions and thoughts on it.

The instructor plans to keep the course contents updated and to extend the course, so there might be newly added sections that I didn’t include in my review.

At the time of the writing the course syllabus included

• Intro to Bug Hunting - Course Overview
• HTTP Basics
• Open Redirect
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Insecure Direct Object Reference (IDOR)
• Local File Disclosure (LFD)
• SQL Injection
• Server Side Request Forgery (SSRF)
• XML External Entity (XXE)
• Remote Command Execution (RCE)
• Testing File Uploaders
• Recon
• How to Setup Your Lab (Installing and Demos)
• Hands On Hacking
• Next Steps & Outro

Whereas each vulnerability section consists of three parts: a general explanation of the vulnerability with detailed slides, how to look for it, and a live demo of how to actually exploit and find these vulnerabilities in different applications, in addition there is a while section dedicated to a Hands on Hacking Lab where different vulnerabilities are shown in a lab area on TryHackMe.

If you have ever watched one of Ben’s videos on youtube or twitch, you know that this guy has a lot of experience with providing high qualitiy streams.
The camera quality and the sound are brilliant and come over as highly professional. Throughout the whole course there is some background music but it’s not too strong to distract from the content, and while in general I prefer to have courses without background music as I tend to increase the speed and also to listen to my own music, in this case it just fits perfectly.
Voice and pronunciation are clear and at a pleasant speed, the instructor transports the content in an engaging manner.
Additional Resources are available where needed and where it makes sense.

I really enjoyed taking the course and I think it is a very good start for everybody who wants to get a good hands on introduction into web application hacking and bug bounty.
I would recommend beginners though to take the course chapters also as a guide line on topics to delve deeper into either while taking the course or afterwards.
For example with SQL Injection, if you are not that savvy with SQL (joins, unions, etc.) it might be a great opportunity to sidetrack a little from the course, learn a bit more about SQL and then come back or to work through the Chapter first, take some lessons in SQL and then come back and re-take the chapter so you fully understand what’s going on there.

Since I have some prior experience with web application vulnerabilities, some of the basic chapters were more repetitions or reiterations of what I already knew but I found the lab especially helpful as it really shows you how to approach a potential target as well as the videos on how to write a good report that are filed under “Next Steps & Outro” as this tends to be overlooked oftentimes in other courses.

So, all in all I can really recommend this course. ⭐⭐⭐⭐⭐

If you want to check it out, you can find it on udemy here:
https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/

**Please note that I don’t receive any financial benefits, I don’t provide referral links here. This is just my own personal opinion and recommendation of something that I think might be valuable for visitors.

You can also check nahamsec on Youtube, Twitch and Twitter which I can highly recommends a he publishes great content with many different hackers on a regular basis and I think you can learn a lot from his channels.

https://nahamsec.com/
https://www.twitch.tv/nahamsec
https://www.youtube.com/NahamSec
https://twitter.com/NahamSec

• review
• bugbounty