Bug Bounties: WhiteHat Hacking for Fun and Profit

The Techniques of Detecting Bugs, Learn from a Professional Bug Bounty Hunter

3.70 (37 reviews)


5.5 hours


Nov 2020

Last Update

What you will learn

You will be able to learn how to find bugs in Webapps


A career as a bug bounty hunter is something we should all strive for. It's a way to earn money in a fun way while making this world a better (at least a more bug-free) place. If you think that's something you would like, this bug bounty course is just for you.

Reporting Bugs Pays Well!

In this bug bounty course, you will learn how to earn while sitting comfortably in your home and drinking coffee. You can use bug bounty programs to level the cybersecurity playing field, cultivate a mutually rewarding relationship with the security researcher community and strengthen security in all kinds of systems.

While the practice of catching and reporting web bugs is nothing new (it has been going on for at least 20 years), widespread adoption of this practice by enterprise organisations has only now begun to take off.

World-famous companies like Facebook or Google are spending a lot of money on bounties, so it's just the right time to hop on the gravy train.

For example, Google pays a minimum bounty of 100 dollars. Facebook has announced that it determines bounties based on a variety of factors, for example ease of exploitation, quality of the report and impact. However, if Facebook pays out a bounty, it's a minimum of 500 dollars (though extremely low-risk issues do not qualify for bounties).

People have won as much as 33500 dollars for reporting bugs to Facebook. Actually, the cases where bounty hunters got paid extremely well for reporting bugs are endless.

Become a White Hat Hacker

In this course, you will find out how to find bugs in websites. You will know what to look for in a website to find bugs. This is one way to become a hacker - a white hat hacker - who finds vulnerabilities in systems and reports them to make the systems safer. So if you ever asked yourself what hacking is, the answer is staring you right in the face.

You will begin from the basics, learn recon skills and take the first steps towards bug hunting and information gathering. Then we will move on to learning about bugs - what they are and how to detect them in web apps.

Best case scenario, you won't only get paid, you will be invited to companies you have helped, and then you'll be able to tell them how to be a hacker.

So it is not only a hobby, you will make the world a better place and make money while doing it.

Beginner Bounty Hunters Step Right Here

In this course, you will find out what bugs are and how to properly detect them in web applications.

So if you are a beginner who knows HTML/JS basics and Burp Suite and is acquainted with web technologies like HTTP, HTTPS, etc., this is the best course for you.

After you take this course, browsing through the internet will not be just a hobby for you. You will look at every web page with new eyes, scanning for bugs and earning opportunities.




More Lectures Are on the Way

Getting Familiar with Burp Suite

Configuring Burp with your Browser

Target Proxy and Spider tabs of Burp Suite

Spider, Intruder, Repeater and Decoder tabs

Wrapping Up Burp


Gathering Information From the headers

Gathering Information Using Google Dorks

Information Gathering From Google Demo

Analyzing Files on Website for Juicy Endpoints

Looking For some Hidden Directories

Downloading the Source Code of Website

Gathering Information From WhatWeb

What is a Subdomain

Enumerating Subdomains

Using TheHarvester for some publicly available information


Vhosts Discovery

Using Nmap for Information Gathering Purposes

Getting Familiar with Nmap

Different Type of Nmap Scans

Different Type of Nmap Scans Demo

Banner Grabbing Using Nmap

Information Gathering

Getting Started in Finding Bugs

Installing Your Testing Environment

Testing For HSTS

Robots.txt (demo)

Brute Force Attack

Bypassing Client Side Access Control

Hidden HTML Tags

Testing For Session Management Issues

Testing For cookies

Testing For Session Management

Authentication Testing

Testing For Broken Authentication

Authorization Testing


IDOR more explained

Directory Traversal

Client Side Testing


Exploiting CORS (Cross Origin Resource Sharing)

HTML Injection

Testing For Input Validation

HTTP Parameter Pollution

XSS (Stored and Reflected)


File Upload Vulnerabilities

Unrestricted file Upload

Bypassing Content Type Header Protection

Bypassing Blacklists

Unvalidated Redirect and Forwards

Unvalidated Redirect and Forwards

Command Injection

Command Injection

Final Words

Retired Videos

What You will learn


Broken Authentication

Cookie Attributes

HTTP Parameter Pollution

HTML Injection

Session Management

Unrestricted file upload


Daniel, 20 March 2019

He just casually installs the security cert and goes... but not for me... he needs to do an "if this doesn't work section". Not sure any of this is relevant with HSTS... very aggravating.

Shalini, 19 February 2019

I haven't finished this course yet, but the public review screen keeps popping up. I am in the middle of the course and so far what it lacks is the real-time examples where I can implement my knowledge at work. I can provide a better review once I finish the course.

Anuradha, 5 June 2018

The instructor should have to add more theory about the bugs. But overall the practical is good, worth watching.

Mandeep, 15 May 2018

I can say that the instructor is knowledgeable as he defines each and every topic with a slow pace and to-the-point explanation. Will take more courses from this instructor.

John, 22 April 2018

Very helpful and friendly, will definitely take more courses from this instructor. Knowledgeable in material and helping students fix problems that may arise.

