Practical Bug Bounty

The Cyber Mentor 121,362 11 months ago

https://www.tcm.rocks/KeeperDemo
Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM).

Check out the full Practical Bug Bounty course here: https://www.tcm.rocks/PracticalBugBounty
You can sign up for Intigriti's Program here: https://www.tcm.rocks/IntigritiSignUp
Labs for this video: https://drive.google.com/file/d/1RhCnYNBJ49hhJ5QTaFUVZG5EhT-DVlt4/view?usp=sharing

Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com

0:00:00 - Intro
0:03:00 - Keeper Security Sponsorship
0:03:48 - Course Introduction
0:10:02 - Importance of Web App Security
0:16:26 - Web App Security Standards and Best Practices
0:29:57 - Bug Bounty Hunting vs Penetration Testing
0:40:16 - Phases of a Web App Pentest
0:57:36 - CryptoCat Introduction
0:59:19 - Understanding Scope, Ethics, Code of Conduct, etc.
1:13:29 - Common Scoping Mistakes
1:37:59 - Installing VMWare / VirtualBox
1:41:14 - Installing Linux
1:50:20 - Lab Installation
1:57:36 - Web Technologies
2:02:14 - HTTP & DNS
2:05:47 - Fingerprinting Web Technologies
2:18:00 - Directory Enumeration and Brute Forcing
2:38:07 - Subdomain Enumeration
2:55:43 - Burp Suite Overview
3:34:35 - Introduction to Authentication
3:36:11 - Brute-force Attacks
3:43:11 - Attacking MFA
3:48:38 - Authentication Challenge Walkthrough
3:58:38 - Intro to Authorization
3:59:48 - IDOR - Insecure Direct Object Reference
4:06:15 - Introduction to APIs
4:11:04 - Broken Access Control
4:19:33 - Testing with Autorize
4:27:02 - Introduction to LFI/RFI
4:28:39 - Local File Inclusion Attacks
4:32:59 - Remote File Inclusion Attacks
4:40:37 - File Inclusion Challenge Walkthrough
4:45:05 - Conclusion

📱Social Media📱
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Instagram: https://instagram.com/thecybermentor
LinkedIn: https://www.linkedin.com/in/heathadams
TikTok: https://tiktok.com/@thecybermentor
Discord: https://discord.gg/tcm

💸Donate💸
Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor

Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk

My Build:
LG 32GK850G-B 32" Gaming Monitor: https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RGB Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu

My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgato Stream Deck: https://amzn.to/2OlchA5

*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.