Date | Day | Time | Duration |
21 Aug | Monday | 09:00-17:00 ICT/GMT+7 | 8 Hours |
22 Aug | Tuesday | 09:00-17:00 ICT/GMT+7 | 8 Hours |
23 Aug | Wednesday | 09:00-17:00 ICT/GMT+7 | 8 Hours |
Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, they are a great place to hone your skills, with the potential to earn a bounty and credibility at the same time.
Day 1
- Introduction
- Information Gathering & Basic Terminologies
- Recon For Bug Bounty Hunting
- Introduction of Burp Suite
- Host Header Injection
- URL Redirection
- Parameter Tampering
- HTML Injection
- File Inclusion
- Missing/Insufficient SPF Record
- Insecure CORS Configuration
- Server Side Request Forgery
- Critical File Found
- Source Code Disclosure
- Cross Site Request Forgery
- No Rate Limiting
- Long Password DoS Attack
- HSTS
- Insecure Direct Object Reference

Day 2
- Comprehensive XSS
- Hostile Subdomain Takeover
- SQL Injection
- Command Injection
- File Uploading
- XML External Entity Injection
- Account Lockout
- Advanced SQL Injection

Day 3
- Android App Dynamic Vulnerability Hunting
- iOS App Dynamic Vulnerability Hunting
- Hostile Subdomain Takeover
- Buffer Overflow
- WordPress
- Joomla
- Drupal
- CMS Vulnerability Hunting
- Session Fixation
- Conclusion
Himanshu Mehta currently works as a Security Officer at Atos and is passionate about cyber security and threat intelligence. He is an advisory board member of the EC-Council’s Licensed Penetration Tester group and HackersEra.
He is involved in several bug bounty and Capture the Flag programs around the globe and has been invited to present his research at multiple renowned international security conferences, including BlackHat, RSAC USA, ICS Singapore, Hack In Paris, HITB (Amsterdam, Dubai, Abu Dhabi), SecurityFest (Sweden), InfoSecurity (London), Offzone (Moscow), NanoSec (Malaysia), DSCI, National Cyber Security Conference, Best of the World Conference and Hakon.
He previously worked as the Head of Cyber Threat Intelligence at Hive Pro and as a Senior Security Researcher at Darkmatter, and led a global security intelligence team at Symantec. These roles gave him very good insight into cyber security and increased his appetite for the field, which eventually helped him emerge as a creative leader.
Vikash Chaudhary is a pillar of the Indian ethical hackers community and is responsible for a whole new generation of rising ethical hackers, many of whom successfully contribute to platforms like HackerOne and Bugcrowd. He is looking to expand his mentorship to the next generation entering the cyber security field, which he thinks could be a great resource to help grow the security talent pool worldwide.
He is also the author of multiple security courses:
1. “Offensive Approach to Hunt Bugs”, a manual hands-on bug bounty course.
2. “Offensive Bug Bounty – Hunter 2.0”
3. “SDR Exploitation”, hands-on penetration testing up in the air.
Recently, he was listed in the “Top 100 Security Researcher of Microsoft”, ranking 51 among the top 100 security researchers around the globe.